https Radius authentication problem
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Sep 13 12:57:22 CEST 2015
> On 13 Sep 2015, at 11:56, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>> On 13 Sep 2015, at 09:33, Timmy <moonyhk at netscape.net> wrote:
>>
>> Dear All Radius Developers,
>> I am doing a web Radius authentication. I am also reading Mr. Alan
>> DeKok's article about its security issue.
>> https://github.com/FreeRADIUS/mod_auth_radius
>> For http connection to the website, we know that the password is not
>> encrypted.
>>
>> Now I set up a SSL certificate for the website in question. How do you
>> rate the security of this https Radius authentication? Is the password,
>> being sent over the internet, also encrypted by the usual SSL layer?
>
> Yes. It's going over HTTP wrapped in SSL...
Weirdly you're not the first person to ask this question...
http://serverfault.com/questions/686962/mod-auth-radius-secure-over-https/686977#686977
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150913/f009e146/attachment.sig>
More information about the Freeradius-Users
mailing list