Hello, I'm currently working on configuring the TLS cache and noticed that, upon reconnection, the client rewrites both files (.asn1 and .vps) in the configured directory. From what I understand, it should reuse the information stored in those files to avoid reestablishing the TLS connection from scratch. Alan, I promise I’ve read the comments in the configuration files, but I’m still struggling to fully understand how it works. I’d really appreciate it if you could help clarify this for me. root@loli-pc:/var/log/freeradius/tlscache# ll total 24K drwxr-xr-x 2 freerad freerad 4,0K jul 19 07:54 . drwxr-x--- 4 freerad freerad 4,0K jul 19 06:03 .. -rw------- 1 freerad freerad 1,2K jul 19 07:54 35b6e644d6e9796809a07643ceee2542bcf311ef233ba29f8cec94d87d26e36f.asn1 -rw-r--r-- 1 freerad freerad 1,5K jul 19 07:54 35b6e644d6e9796809a07643ceee2542bcf311ef233ba29f8cec94d87d26e36f.vps -rw------- 1 freerad freerad 1,2K jul 19 07:54 95c5a5a5c3d3a9d5dfc5055fb9e68097f5f53d64ce5b0fbd0c8a2ffaadba6fc8.asn1 -rw-r--r-- 1 freerad freerad 1,5K jul 19 07:54 95c5a5a5c3d3a9d5dfc5055fb9e68097f5f53d64ce5b0fbd0c8a2ffaadba6fc8.vps Fisrts connection 8) # Executing group from file /etc/freeradius/sites-enabled/default (8) authenticate { (8) eap: Removing EAP session with state 0x08b1afdb0eb6a23f (8) eap: Previous EAP request found for state 0x08b1afdb0eb6a23f, released from the list (8) eap: Peer sent packet with method EAP TLS (13) (8) eap: Calling submodule eap_tls to process data (8) eap_tls: (TLS) EAP Got final fragment (110 bytes) total 2642 (8) eap_tls: (TLS) EAP Done initial handshake (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done (8) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Certificate (8) eap_tls: (TLS) TLS - Creating attributes from 2 certificate in chain (8) eap_tls: TLS-Cert-Serial := "7903974cb1367854b0fb2ee672ff78c68211ba5e" (8) eap_tls: TLS-Cert-Expiration := "250726070714Z" (8) eap_tls: TLS-Cert-Valid-Since := "250527070714Z" (8) eap_tls: TLS-Cert-Subject := "/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=free.loli.local" (8) eap_tls: TLS-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=free.loli.local" (8) eap_tls: TLS-Cert-Common-Name := "free.loli.local" (8) eap_tls: TLS-Cert-CRL-Distribution-Points += " http://www.example.org/example_ca.crl" (8) eap_tls: (TLS) TLS - Creating attributes from 1 certificate in chain (8) eap_tls: TLS-Client-Cert-Serial := "02" (8) eap_tls: TLS-Client-Cert-Expiration := "250726070721Z" (8) eap_tls: TLS-Client-Cert-Valid-Since := "250527070721Z" (8) eap_tls: TLS-Client-Cert-Subject := "/C=FR/ST=Radius/O=Example Inc./CN=lolito/emailAddress=userdsdsd@example.org" (8) eap_tls: TLS-Client-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress= admin@example.org/CN=free.loli.local" (8) eap_tls: TLS-Client-Cert-Common-Name := "lolito" (8) eap_tls: TLS-Client-Cert-CRL-Distribution-Points += " http://www.example.com/example_ca.crl" (8) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication" (8) eap_tls: TLS-Client-Cert-X509v3-Subject-Key-Identifier += "FD:D3:42:C8:4A:F1:0C:65:A5:A3:B6:8E:2A:73:B0:FA:B2:0D:CF:CD" (8) eap_tls: TLS-Client-Cert-X509v3-Authority-Key-Identifier += "86:BC:40:4A:6E:B2:66:02:81:A5:75:19:DF:93:B8:AD:12:75:75:60" (8) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage-OID += "1.3.6.1.5.5.7.3.2" (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client certificate (8) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client key exchange (8) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read certificate verify (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read change cipher spec (8) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Finished (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read finished (8) eap_tls: (TLS) TLS - send TLS 1.2 ChangeCipherSpec (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write change cipher spec (8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Finished (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write finished (8) eap_tls: Serialising session 95c5a5a5c3d3a9d5dfc5055fb9e68097f5f53d64ce5b0fbd0c8a2ffaadba6fc8, and storing in cache (8) eap_tls: WARNING: (TLS) TLS - Wrote session 95c5a5a5c3d3a9d5dfc5055fb9e68097f5f53d64ce5b0fbd0c8a2ffaadba6fc8 to /var/log/freeradius/tlscache/95c5a5a5c3d3a9d5dfc5055fb9e68097f5f53d64ce5b0fbd0c8a2ffaadba6fc8.asn1 (1175 bytes) (8) eap_tls: (TLS) TLS - Handshake state - SSL negotiation finished successfully (8) eap_tls: (TLS) TLS - Connection Established (8) eap_tls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) eap_tls: TLS-Session-Version = "TLS 1.2" (8) eap: Sending EAP Request (code 1) ID 8 length 61 (8) eap: EAP session adding &reply:State = 0x08b1afdb0fb9a23f (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) Challenge { ... } # empty sub-section is ignored (8) session-state: Saving cached attributes (8) Framed-MTU = 994 (8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange" (8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify" (8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished" (8) TLS-Cache-Filename = "/var/log/freeradius/tlscache/95c5a5a5c3d3a9d5dfc5055fb9e68097f5f53d64ce5b0fbd0c8a2ffaadba6fc8.asn1" (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) TLS-Session-Version = "TLS 1.2" (8) Sent Access-Challenge Id 94 from 192.168.122.1:1812 to 192.168.122.64:53296 length 119 (8) EAP-Message = 0x0108003d0d8000000033140303000101160303002805edd07841a6a266432a9833cf13cb26374e5900c2967dbef35d48b18a7f8be25844724e2f9a0645 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x08b1afdb0fb9a23fa8fead84ac6fdcc0 (8) Finished request Second (17) # Executing group from file /etc/freeradius/sites-enabled/default (17) authenticate { (17) eap: Removing EAP session with state 0x4a09d2574c0edf49 (17) eap: Previous EAP request found for state 0x4a09d2574c0edf49, released from the list (17) eap: Peer sent packet with method EAP TLS (13) (17) eap: Calling submodule eap_tls to process data (17) eap_tls: (TLS) EAP Got final fragment (110 bytes) total 2642 (17) eap_tls: (TLS) EAP Done initial handshake (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done (17) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Certificate (17) eap_tls: (TLS) TLS - Creating attributes from 2 certificate in chain (17) eap_tls: TLS-Cert-Serial := "7903974cb1367854b0fb2ee672ff78c68211ba5e" (17) eap_tls: TLS-Cert-Expiration := "250726070714Z" (17) eap_tls: TLS-Cert-Valid-Since := "250527070714Z" (17) eap_tls: TLS-Cert-Subject := "/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=free.loli.local" (17) eap_tls: TLS-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=free.loli.local" (17) eap_tls: TLS-Cert-Common-Name := "free.loli.local" (17) eap_tls: TLS-Cert-CRL-Distribution-Points += " http://www.example.org/example_ca.crl" (17) eap_tls: (TLS) TLS - Creating attributes from 1 certificate in chain (17) eap_tls: TLS-Client-Cert-Serial := "02" (17) eap_tls: TLS-Client-Cert-Expiration := "250726070721Z" (17) eap_tls: TLS-Client-Cert-Valid-Since := "250527070721Z" (17) eap_tls: TLS-Client-Cert-Subject := "/C=FR/ST=Radius/O=Example Inc./CN=lolito/emailAddress=userdsdsd@example.org" (17) eap_tls: TLS-Client-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress= admin@example.org/CN=free.loli.local" (17) eap_tls: TLS-Client-Cert-Common-Name := "lolito" (17) eap_tls: TLS-Client-Cert-CRL-Distribution-Points += " http://www.example.com/example_ca.crl" (17) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication" (17) eap_tls: TLS-Client-Cert-X509v3-Subject-Key-Identifier += "FD:D3:42:C8:4A:F1:0C:65:A5:A3:B6:8E:2A:73:B0:FA:B2:0D:CF:CD" (17) eap_tls: TLS-Client-Cert-X509v3-Authority-Key-Identifier += "86:BC:40:4A:6E:B2:66:02:81:A5:75:19:DF:93:B8:AD:12:75:75:60" (17) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage-OID += "1.3.6.1.5.5.7.3.2" (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client certificate (17) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client key exchange (17) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read certificate verify (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read change cipher spec (17) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Finished (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read finished (17) eap_tls: (TLS) TLS - send TLS 1.2 ChangeCipherSpec (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write change cipher spec (17) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Finished (17) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write finished (17) eap_tls: Serialising session 35b6e644d6e9796809a07643ceee2542bcf311ef233ba29f8cec94d87d26e36f, and storing in cache (17) eap_tls: WARNING: (TLS) TLS - Wrote session 35b6e644d6e9796809a07643ceee2542bcf311ef233ba29f8cec94d87d26e36f to /var/log/freeradius/tlscache/35b6e644d6e9796809a07643ceee2542bcf311ef233ba29f8cec94d87d26e36f.asn1 (1175 bytes) (17) eap_tls: (TLS) TLS - Handshake state - SSL negotiation finished successfully (17) eap_tls: (TLS) TLS - Connection Established (17) eap_tls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (17) eap_tls: TLS-Session-Version = "TLS 1.2" (17) eap: Sending EAP Request (code 1) ID 8 length 61 (17) eap: EAP session adding &reply:State = 0x4a09d2574d01df49