Session resumption problem

[David Mitchell]

Alan DeKok wrote:
> David Mitchell wrote:
>> I was searching back in the archives, and in September there was a user
>> who reported a problem with session resumption. I'm seeing the exact
>> same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never
>> saw any follow up? Is there a fix known for this? I am using a locally
>> compiled version of FreeRadius 2.1.7. It's linked against the system
>> OpenSSL libraries though. Building a local 0.9.8k or even 1.0.0 is
>> certainly an option if there is a chance it will help.
> 
>   There isn't a lot we can do.  It's not clear *why* OpenSSL resumes
> sessions when session resumption is disabled.

I did manage to find an easy workaround for this. Simply enabling the
cache in eap.conf allows these connections to succeed. I think there may
still be a bug somewhere, or maybe more than one. At a minimum it seems
a bit foolish for wpa_supplicant to keep trying to do a fast reconnect
after getting an Access-Reject.

Whatever the root problem is, there is an easy workaround. I wanted to
follow up primarily in case others find this thread in the future it
will have a workaround. I'm guessing the only real downside to enabling
the EAP cache is memory usage, which I'm not too worried about.

-David Mitchell



> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |
-----------------------------------------------------------------