Regarding backport fix of https://github.com/FreeRADIUS/freeradius-server/issues/3501 to 3.0.x branches.
Alan DeKok
aland at deployingradius.com
Tue Jun 6 06:01:53 UTC 2023
On Jun 6, 2023, at 7:57 AM, saurabha badhai <saurabha.badhai at gmail.com> wrote:
>
> Yes got it, so in TLS connection, TCP connect can be used as non-Blocking
> mode now with the PR #5013 without any issue, Could you please confirm ?
If you read the code, you'll see that bare TCP cannot be used in non-blocking mode.
The non-blocking code uses the internal TLS buffers to write data when the TCP connection is blocked. Those TLS buffers don't exist for RADIUS/TCP. So they're not used.
In short: don't use RADIUS/TCP. It's insecure. It offers no value over RADIUS/UDP, or RADIUS/TLS.
Just use RADIUS/TLS.
Alan DeKok.
More information about the Freeradius-Devel
mailing list