Session resumption
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Thu Feb 11 10:59:00 CET 2016
On 11/02/16 09:51, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> Is there are a way to fabricate EAP/MSCHAPv2 packets such that we
>> can reliably provoke the server into using session resumption or
>> not? This way we would be able able to
>> test->capture->debug->fix->repeat much more quickly.
>
> use eapol_test from the wpa_supplicant system
>
> its likely that you have some policy or unlang corner-case that isnt
> matching the cache...or you arent querying the existing cache entry
> and adding other stuff based on the new NAS id - possibly roaming
> events between 2 seperate controllers etc etc
>
Thanks for the suggestions. We already use eapol_test for monitoring and
testing/debugging but I'm not sure how to generate packets that
definitely lead to resumed sessions. Is there an attribute I need to add?
I'm inclined to agree with you about corner cases, although the first
thing I did to rule out sources of error is disable the TLS cache.
Somehow we still seem to be getting resumed sessions, though.
I appreciate nobody can give anything other than a speculative answer
until I've come up with the debug logs :)
Cheers,
Jonathan
More information about the Freeradius-Users
mailing list