FR3 and EAP-TLS session cache
Alan DeKok
aland at deployingradius.com
Thu Jun 18 14:04:54 CEST 2015
On Jun 18, 2015, at 7:25 AM, Jüri Palis <jyri.palis at gmail.com> wrote:
> But I had an impression that in-memory and persistent cache behave exactly the same way except persistent cache can survive daemon restarts. So what you are saying is that EAP-TLS session resumption works only when persistent disk caching is enabled?
No. My tests show that if you enable the "cache" sub-section of the EAP module, it does in-memory session caching.
You MUST set attributes to cache. See raddb/mods-available/eap, and the "cache" sub-section.
The TLS-* attributes are available ONLY when a client certificate is used, as with EAP-TLS.
It works in all of my tests.
Alan DeKok.
More information about the Freeradius-Users
mailing list