Fast roaming support
Josh Howlett
Josh.Howlett at ja.net
Wed Jan 9 09:29:47 CET 2008
> > Note that the RADIUS server needs to cache the MSK derived from the
> > original TLS exchange; I am curious how the patch that got
> submitted
> > handled this...
>
> It sets a flag in OpenSSL telling OpenSSL to cache the SSL
> session contexts. :)
Ah, of course. FWIW, TTLSv0 has this to say about that:
[Implementation note: Toolkits that implement TLS often cache
resumable TLS sessions automatically. Implementers must take care to
override such automatic behavior, and prevent sessions from being
cached for possible resumption until the user has been positively
authenticated during phase 2.]
josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
More information about the Freeradius-Devel
mailing list