If I run a TCPDump from one of the clients that is sending Auth-Requests to my RADIUS server, I have noticed that in the Access-Challenge messages back from the server you can see certificate details that I have put in the various cnf files in etc/freeradius/3.0/certs. For example, I can see the 'organizationName' and 'emailAddress' from the server.cnf file amongst other details and strings of hashed data within the TCPDump output. I know that the tunnel won't have been established at this point so this in particular wouldn't be hiding those details, but is there a need for them to be exposed? And if not where would I look to configure my server to hide these details from external entities? I know RADSec is preferred but wasn't sure if this information was exposed on purpose.