https Radius authentication problem

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Sep 13 12:56:10 CEST 2015


> On 13 Sep 2015, at 09:33, Timmy <moonyhk at netscape.net> wrote:
> 
> Dear All Radius Developers,
> I am doing a web Radius authentication.  I am also reading Mr. Alan
> DeKok's article about its security issue.
> https://github.com/FreeRADIUS/mod_auth_radius
> For http connection to the website, we know that the password is not
> encrypted.
> 
> Now I set up a SSL certificate for the website in question.  How do you
> rate the security of this https Radius authentication?  Is the password,
> being sent over the internet, also encrypted by the usual SSL layer?

Yes.  It's going over HTTP wrapped in SSL...

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150913/d1e6bca3/attachment.sig>


More information about the Freeradius-Users mailing list