https Radius authentication problem
Timmy
moonyhk at netscape.net
Sun Sep 13 17:24:05 CEST 2015
>
> Dear All Radius Developers,
> I am doing a web Radius authentication. I am also reading Mr. Alan
> DeKok's article about its security issue.
> https://github.com/FreeRADIUS/mod_auth_radius
> For http connection to the website, we know that the password is not
> encrypted.
>
> Now I set up a SSL certificate for the website in question. How do you
> rate the security of this https Radius authentication? Is the password,
> being sent over the internet, also encrypted by the usual SSL layer?
>> Yes. It's going over HTTP wrapped in SSL...
> Weirdly you're not the first person to ask this question...
>
> http://serverfault.com/questions/686962/mod-auth-radius-secure-over-https/686977#686977
>
I suggest the freeradius team append it on the freeradius wiki. Mr.
Alan DeKok only mentions the problem of http, but never mentions the
secure side of https with Radius Authentication :)
More information about the Freeradius-Users
mailing list