Force update of TLS cache

Jonathan Gazeley Jonathan.Gazeley at bristol.ac.uk
Mon Feb 29 14:34:03 CET 2016


In our EAP-PEAP sessions, the typical conversation length is 10 packets. 
We have TLS caching enabled, but I noticed the TLS cache is populated 
during packet 4, which is before processing has started on the tunneled 
authentication.

Is it possible to force an update of the cache entry from the 
inner-tunnel server, e.g. to add attributes that are only available at 
this stage? I attempted to call an update by doing this in the 
inner-tunnel server:

update control {
     Cache-TTL := 0
}
cache_tls_session

This caused authentications to fail with "cache_tls_session (fail)" and 
no further information is given. Is it possible to do this?

Thanks,
Jonathan

