On Jun 7, 2017, at 10:49 AM, Wussler, Doug <doug.wussler@fsu.edu> wrote:
If I set the “name” and “persist_dir” parameters in the “cache” section of the “tls-config” in mods-enabled/eap, the TLS Session cache works as expected and users can perform a fast reconnect. But if I don’t care about the TLS cache persisting across a server reboot, am I supposed to be able to comment out the “persist_dir” parameter?
Not in 3.0.14. See the ChangeLog.
If I don’t set the “persist_dir” parameter, I cannot get the TLS session cache to work.
Yes. See the comments in raddbs/mods-available/eap.
If I don’t care about preserving this cache across a server reboot, I’m thinking it will be more efficient and less maintenance to use only an in-memory TLS cache. Is an in-memory-only TLS cache an option or is it a requirement that it get written to and read from disk?
It's now a requirement that it's written to disk. Alan DeKok.