Removal of built in OpenSSL TLS cache in v3.1.x

Arran Cudbard-Bell a.cudbardb at
Tue Feb 2 06:13:58 CET 2016

The built in OpenSSL TLS cache has been permanently disabled in v3.1.x as per

The new TLS cache uses a virtual-server with different Autz-Type sections representing the different cache actions.

The TLS session blob is made available in &session-state:TLS-Session-Data and the session ID is available in &TLS-Session-ID.

Certificate attributes have been moved to the &session-state: list for easy caching.

The tls-cache virtual server and cache_tls_module instance are included in the default config, and replicate the behaviour of the OpenSSL cache.

The current cache drivers are:

- memcached
- redis
- rbtree

If people think it would be valuable, I have about 50% of an rlm_cache driver that stores cache entries using a file system, it can be prioritised for completion before v3.2.0 is released.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list