Alan DeKok wrote:
David Mitchell wrote:
I was searching back in the archives, and in September there was a user who reported a problem with session resumption. I'm seeing the exact same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never saw any follow up? Is there a fix known for this? I am using a locally compiled version of FreeRadius 2.1.7. It's linked against the system OpenSSL libraries though. Building a local 0.9.8k or even 1.0.0 is certainly an option if there is a chance it will help.
There isn't a lot we can do. It's not clear *why* OpenSSL resumes sessions when session resumption is disabled.
I did manage to find an easy workaround for this. Simply enabling the cache in eap.conf allows these connections to succeed. I think there may still be a bug somewhere, or maybe more than one. At a minimum it seems a bit foolish for wpa_supplicant to keep trying to do a fast reconnect after getting an Access-Reject. Whatever the root problem is, there is an easy workaround. I wanted to follow up primarily in case others find this thread in the future it will have a workaround. I'm guessing the only real downside to enabling the EAP cache is memory usage, which I'm not too worried about. -David Mitchell
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ----------------------------------------------------------------- | David Mitchell (mitchell@ucar.edu) Network Engineer IV | | Tel: (303) 497-1845 National Center for | | FAX: (303) 497-1818 Atmospheric Research | -----------------------------------------------------------------