On 13 Sep 2015, at 11:56, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 13 Sep 2015, at 09:33, Timmy <moonyhk@netscape.net> wrote:
Dear All Radius Developers, I am doing a web Radius authentication. I am also reading Mr. Alan DeKok's article about its security issue. https://github.com/FreeRADIUS/mod_auth_radius For http connection to the website, we know that the password is not encrypted.
Now I set up a SSL certificate for the website in question. How do you rate the security of this https Radius authentication? Is the password, being sent over the internet, also encrypted by the usual SSL layer?
Yes. It's going over HTTP wrapped in SSL...
Weirdly you're not the first person to ask this question... http://serverfault.com/questions/686962/mod-auth-radius-secure-over-https/68... Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2