Removal of built in OpenSSL TLS cache in v3.1.x
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Feb 2 06:13:58 CET 2016
The built in OpenSSL TLS cache has been permanently disabled in v3.1.x as per https://github.com/FreeRADIUS/freeradius-server/issues/1493.
The new TLS cache uses a virtual-server with different Autz-Type sections representing the different cache actions.
The TLS session blob is made available in &session-state:TLS-Session-Data and the session ID is available in &TLS-Session-ID.
Certificate attributes have been moved to the &session-state: list for easy caching.
The tls-cache virtual server and cache_tls_module instance are included in the default config, and replicate the behaviour of the OpenSSL cache.
The current cache drivers are:
- memcached
- redis
- rbtree
If people think it would be valuable, I have about 50% of an rlm_cache driver that stores cache entries using a file system, it can be prioritised for completion before v3.2.0 is released.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160202/0e696517/attachment.sig>
More information about the Freeradius-Users
mailing list