On Feb 29, 2016, at 11:26 AM, Jonathan Gazeley <Jonathan.Gazeley@bristol.ac.uk> wrote:
The debug log shows that TLS-Session-Id is created in packet 4, in the outer authorize section.
OK, so it should be available in the request. You may have to copy it to session-state, so it's available in later packets.
And it does this:
(6) update request { (6) TLS-Session-Id skipped: No values available (6) } # update request (noop)
I don't understand why the attribute is not available later on in the same session.
Because it's not being added to the session-state attributes. Again, "request" is PER PACKET. "session-state" is for the SESSION. Adding something to the request in packet 4 means ti's not available in the request in packet 6. That's what the session-state is for. The default config should probably add TLS-Session-Id to session-state. I'll take a look. But for you, you'll have to do it manually. Alan DeKok.