https Radius authentication problem
moonyhk at netscape.net
Sun Sep 13 17:24:05 CEST 2015
> Dear All Radius Developers,
> I am doing a web Radius authentication. I am also reading Mr. Alan
> DeKok's article about its security issue.
> For http connection to the website, we know that the password is not
> Now I set up a SSL certificate for the website in question. How do you
> rate the security of this https Radius authentication? Is the password,
> being sent over the internet, also encrypted by the usual SSL layer?
>> Yes. It's going over HTTP wrapped in SSL...
> Weirdly you're not the first person to ask this question...
I suggest the freeradius team append it on the freeradius wiki. Mr.
Alan DeKok only mentions the problem of http, but never mentions the
secure side of https with Radius Authentication :)
More information about the Freeradius-Users