FR3 and EAP-TLS session cache

Alan DeKok aland at deployingradius.com
Thu Jun 18 14:04:54 CEST 2015


On Jun 18, 2015, at 7:25 AM, Jüri Palis <jyri.palis at gmail.com> wrote:
> But I had an impression that in-memory and persistent cache behave exactly the same way except persistent cache can survive daemon restarts. So what you are saying is that EAP-TLS session resumption works only when persistent disk caching is enabled?

  No.  My tests show that if you enable the "cache" sub-section of the EAP module, it does in-memory session caching.

  You MUST set attributes to cache.  See raddb/mods-available/eap, and the "cache" sub-section.

  The TLS-* attributes are available ONLY when a client certificate is used, as with EAP-TLS.

  It works in all of my tests.

  Alan DeKok.




More information about the Freeradius-Users mailing list