3.0.14 TLS Session Cache
If I set the “name” and “persist_dir” parameters in the “cache” section of the “tls-config” in mods-enabled/eap, the TLS Session cache works as expected and users can perform a fast reconnect. But if I don’t care about the TLS cache persisting across a server reboot, am I supposed to be able to comment out the “persist_dir” parameter? If I don’t set the “persist_dir” parameter, I cannot get the TLS session cache to work. If I don’t care about preserving this cache across a server reboot, I’m thinking it will be more efficient and less maintenance to use only an in-memory TLS cache. Is an in-memory-only TLS cache an option or is it a requirement that it get written to and read from disk? Doug Wussler Florida State University
It is now required. See the comments in the stock eap module conf file. ________________________________________ From: Freeradius-Users <freeradius-users-bounces+bjulin=clarku.edu@lists.freeradius.org> on behalf of Wussler, Doug <doug.wussler@fsu.edu> Sent: Wednesday, June 7, 2017 10:49 AM To: freeradius-users@lists.freeradius.org Subject: 3.0.14 TLS Session Cache If I set the “name” and “persist_dir” parameters in the “cache” section of the “tls-config” in mods-enabled/eap, the TLS Session cache works as expected and users can perform a fast reconnect. But if I don’t care about the TLS cache persisting across a server reboot, am I supposed to be able to comment out the “persist_dir” parameter? If I don’t set the “persist_dir” parameter, I cannot get the TLS session cache to work. If I don’t care about preserving this cache across a server reboot, I’m thinking it will be more efficient and less maintenance to use only an in-memory TLS cache. Is an in-memory-only TLS cache an option or is it a requirement that it get written to and read from disk? Doug Wussler Florida State University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Jun 7, 2017, at 10:49 AM, Wussler, Doug <doug.wussler@fsu.edu> wrote:
If I set the “name” and “persist_dir” parameters in the “cache” section of the “tls-config” in mods-enabled/eap, the TLS Session cache works as expected and users can perform a fast reconnect. But if I don’t care about the TLS cache persisting across a server reboot, am I supposed to be able to comment out the “persist_dir” parameter?
Not in 3.0.14. See the ChangeLog.
If I don’t set the “persist_dir” parameter, I cannot get the TLS session cache to work.
Yes. See the comments in raddbs/mods-available/eap.
If I don’t care about preserving this cache across a server reboot, I’m thinking it will be more efficient and less maintenance to use only an in-memory TLS cache. Is an in-memory-only TLS cache an option or is it a requirement that it get written to and read from disk?
It's now a requirement that it's written to disk. Alan DeKok.
participants (3)
-
Alan DeKok -
Brian Julin -
Wussler, Doug