TLS failover behaviour and a backtrace if want it.

FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) andy.franks1 at nhs.net
Wed Nov 20 15:40:22 CET 2019 

Thank you Alan, super quick!
Kind Regards
Andy

-----Original Message-----
From: Alan DeKok <aland at deployingradius.com>
Sent: 20 November 2019 13:33
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Cc: Matthew Newton <mcn at freeradius.org>; FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) <andy.franks1 at nhs.net>
Subject: Re: TLS failover behaviour and a backtrace if want it.

On Nov 20, 2019, at 8:21 AM, FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> That worked fine.

  Good to hear.

> Please say if you need the full pre-crash output, I've chopped it to what I thought was needed.

  No, that's OK.

> The crash happens when you get to the "no more servers available", be that the only 1 server in the pool that's down, or 2 that are both down etc.  Hopefully unlikely in production anyway!

  I happens.  *Anything* can happen with RADIUS :(

> Using radsec exclusively for forwarding, just in case it's relevant, no tried with udp/tcp.
>
> By the way, not worth another mail I don't think; I noticed something else tiny in the output that might need sorting, a typo really:
>
> In the warning message about not setting the tls version to 1.2 for radsec, it says :
>
> Please set: min_tls_version = "1.2"

  ?  The code is:

$ git grep 'Please set'
src/main/tls.c:                 WARN("Please set: tls_min_version = \"1.2\"");

  So that seems OK.

> Anyway the crash, hope it's more use this time..

  Yes.  I've pushed a fix.

  Alan DeKok.



********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail

More information about the Freeradius-Users mailing list