RadSec FR3.0 to Radiator: "Received packet will be too large"
Alan DeKok
aland at deployingradius.com
Thu Feb 23 09:43:37 CET 2012
Alan Buxey wrote:
> interesting....a RADSEC packet can be much bigger than that too - 2048 gives some room for a big
> certificate - but not if its double-chained with intermediate and its got a nice security size
> instead of being a little 512bit RSA one. typically EAP-TLS can be fragmented on the server due
> to it going through to the end-clients ..and being UDP things get a little nasty...whereas with RADSEC
> theres no reason why a single TCP request couldnt be quite large and needing to be fragmented
> by the routers....
That is hidden from the server. It's just receiving a stream of data,
not packets.
IIRC, the TLS "packets" over TCP can be up to 64K in length. So I
suppose that the server should handle that.
Oh well... more changes.
Alan DeKok.
More information about the Freeradius-Users
mailing list