Session resumption problem
Alexander Clouter
alex at digriz.org.uk
Tue Oct 20 21:36:39 CEST 2009
David Mitchell <mitchell at ucar.edu> wrote:
>
> Alan DeKok wrote:
>
>> David Mitchell wrote:
>>> I was searching back in the archives, and in September there was a user
>>> who reported a problem with session resumption. I'm seeing the exact
>>> same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never
>>> saw any follow up? Is there a fix known for this? I am using a locally
>>> compiled version of FreeRadius 2.1.7. It's linked against the system
>>> OpenSSL libraries though. Building a local 0.9.8k or even 1.0.0 is
>>> certainly an option if there is a chance it will help.
>>
>> There isn't a lot we can do. It's not clear *why* OpenSSL resumes
>> sessions when session resumption is disabled.
>
> I did manage to find an easy workaround for this. Simply enabling the
> cache in eap.conf allows these connections to succeed. I think there may
> still be a bug somewhere, or maybe more than one. At a minimum it seems
> a bit foolish for wpa_supplicant to keep trying to do a fast reconnect
> after getting an Access-Reject.
>
> Whatever the root problem is, there is an easy workaround. I wanted to
> follow up primarily in case others find this thread in the future it
> will have a workaround. I'm guessing the only real downside to enabling
> the EAP cache is memory usage, which I'm not too worried about.
>
Make sure you 'git cherry-pick' the patches related to:
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=15
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=21
...if you are using a vanilla 2.1.7.
Cheers
--
Alexander Clouter
.sigmonster says: I'm not laughing with you, I'm laughing at you.
More information about the Freeradius-Users
mailing list