Session resumptions importance.
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Apr 13 18:41:33 CEST 2016
> On Apr 13, 2016, at 12:15 PM, Anirudh Malhotra <8zero2ops at gmail.com> wrote:
>
> Hi Arran,
>
> Thanks for your reply. I posted a question earlier
> http://lists.freeradius.org/pipermail/freeradius-users/2016-April/083081.html
>
> I am facing some issue in session resumption can you please look at that question else i will have go through the source code which i am not good at :p
If you move to v3.1.x i'd be happy to help you :)
I don't believe the v3.0.x code associates the &session-state: list with the actual SSL_SESSION struct, and i'm also pretty sure we don't expose the session ID as an attribute, meaning there's no proper way to bind cache entries to SSL sessions.
In v3.1.x you can cache the session-state list, the TLS session resumption blob, and the certificate attributes all together in the same entry. It lets you write much saner configurations.
The idea is that you can populate the session-state list with any autz data from LDAP or SQL, and have the contents of that list persist across all resumptions of that session. We're not creating new sessions when a session is resumed, so it seems appropriate that session-state should persist.
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160413/87c17b86/attachment.sig>
More information about the Freeradius-Users
mailing list