Note that the RADIUS server needs to cache the MSK derived from the original TLS exchange; I am curious how the patch that got submitted handled this...
It sets a flag in OpenSSL telling OpenSSL to cache the SSL session contexts. :)
Ah, of course. FWIW, TTLSv0 has this to say about that: [Implementation note: Toolkits that implement TLS often cache resumable TLS sessions automatically. Implementers must take care to override such automatic behavior, and prevent sessions from being cached for possible resumption until the user has been positively authenticated during phase 2.] josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG