Alan Buxey wrote:
interesting....a RADSEC packet can be much bigger than that too - 2048 gives some room for a big certificate - but not if its double-chained with intermediate and its got a nice security size instead of being a little 512bit RSA one. typically EAP-TLS can be fragmented on the server due to it going through to the end-clients ..and being UDP things get a little nasty...whereas with RADSEC theres no reason why a single TCP request couldnt be quite large and needing to be fragmented by the routers....
That is hidden from the server. It's just receiving a stream of data, not packets. IIRC, the TLS "packets" over TCP can be up to 64K in length. So I suppose that the server should handle that. Oh well... more changes. Alan DeKok.