On Jul 16, 2019, at 1:49 PM, Sven Hartge <sven@svenhartge.de> wrote:
But: How? And what?
After looking into it, the answer is "badly" :(
But what I am missing is a concrete example how a configuration would look, if you excuse my thickness.
It's pretty non-intuitive.
Also, side note here: the native Debian packages in Debian 9 and 10 have tls-caching disabled at the source level because of CVE-2017-9148. Which means without recompilation you can't use this feature.
Debian also ships version of FreeRADIUS which are *years* out of date. Instead of using a recent release, they patch one from may years ago. Updated packages are available at: http://packages.networkradius.com Updated documentation and more friendly configuration is available at: https://github.com/FreeRADIUS/freeradius-server/commit/a3c46544b38ab46218c38... You'll have to use the v3.0.x code from GitHub in order to get simpler TLS session caching. Alan DeKok.