Dear All Radius Developers, I am doing a web Radius authentication. I am also reading Mr. Alan DeKok's article about its security issue. https://github.com/FreeRADIUS/mod_auth_radius For http connection to the website, we know that the password is not encrypted.
Now I set up a SSL certificate for the website in question. How do you rate the security of this https Radius authentication? Is the password, being sent over the internet, also encrypted by the usual SSL layer?
Yes. It's going over HTTP wrapped in SSL... Weirdly you're not the first person to ask this question...
http://serverfault.com/questions/686962/mod-auth-radius-secure-over-https/68...
I suggest the freeradius team append it on the freeradius wiki. Mr. Alan DeKok only mentions the problem of http, but never mentions the secure side of https with Radius Authentication :)