https Radius authentication problem

Timmy moonyhk at
Sun Sep 13 17:24:05 CEST 2015

> Dear All Radius Developers,
> I am doing a web Radius authentication.  I am also reading Mr. Alan
> DeKok's article about its security issue.
> For http connection to the website, we know that the password is not
> encrypted.
> Now I set up a SSL certificate for the website in question.  How do you
> rate the security of this https Radius authentication?  Is the password,
> being sent over the internet, also encrypted by the usual SSL layer?
>> Yes.  It's going over HTTP wrapped in SSL...
> Weirdly you're not the first person to ask this question...
I suggest the freeradius team append it on the freeradius wiki.  Mr.
Alan DeKok only mentions the problem of http, but never mentions the
secure side of https with Radius Authentication  :)

More information about the Freeradius-Users mailing list