RadSec FR3.0 to Radiator: "Received packet will be too large"
Alan DeKok
aland at deployingradius.com
Thu Feb 23 09:47:08 CET 2012
Stefan Winter wrote:
> The RADIUS/TLS wrapper around those datagrams is not size-limited at all
The TLS protocol sends data in packets with headers. Those packets
can be up to 64K in length.
The TLS code in FreeRADIUS was originally based on the EAP-TLS code.
The EAP-TLS packets run over ethernet, which means that the encoded
RADIUS + EAP + TLS packets must fit within an ethernet frame. i.e.
about 1K.
The TLS code in FreeRADIUS still has that limitation.
> My guess is that main/tls.c "thinks" it operates within a EAP context
> and tries to warn of too big data chunks, while there is actually
> nothing to warn about.
Yeah. The warning is just that the code doesn't handle more than 1K
of TLS data at a time. It's easy enough to fix, though.
Alan DeKok.
More information about the Freeradius-Users
mailing list