Regarding backport fix of to 3.0.x branches.

saurabha badhai saurabha.badhai at
Tue Jun 6 09:19:41 UTC 2023

Yes I am using RADSEC which uses TLS. I see in TLS establishment procedure
first part is TCP connection and then starts TLS handshake to make a secure

I am facing an issue in the first part in TCP connect, thread get stuck
here in *fr_socket_client_tcp and *does not come out for 2 mins if AAA
server is down or network is unavailable which impacts other radius
messages to process around that time. This blocks the complete server to
process any message.

My doubt is whether this TCP blocking for 2 mins before the TLS handshake
procedure gets fixed with this TLS non-blocking PRs ?


On Tue, Jun 6, 2023 at 11:32 AM Alan DeKok <aland at>

> On Jun 6, 2023, at 7:57 AM, saurabha badhai <saurabha.badhai at>
> wrote:
> >
> > Yes got it, so in TLS connection, TCP connect can be used as non-Blocking
> > mode now with the PR #5013 without any issue, Could you please  confirm ?
>   If you read the code, you'll see that bare TCP cannot be used in
> non-blocking mode.
>   The non-blocking code uses the internal TLS buffers to write data when
> the TCP connection is blocked.  Those TLS buffers don't exist for
> RADIUS/TCP.  So they're not used.
>   In short: don't use RADIUS/TCP.  It's insecure.  It offers no value over
>   Just use RADIUS/TLS.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Devel mailing list