Force update of TLS cache
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Mon Feb 29 14:34:03 CET 2016
In our EAP-PEAP sessions, the typical conversation length is 10 packets.
We have TLS caching enabled, but I noticed the TLS cache is populated
during packet 4, which is before processing has started on the tunneled
authentication.
Is it possible to force an update of the cache entry from the
inner-tunnel server, e.g. to add attributes that are only available at
this stage? I attempted to call an update by doing this in the
inner-tunnel server:
    update control {
        Cache-TTL := 0
    }
    cache_tls_session
This caused authentications to fail with "cache_tls_session (fail)" and
no further information is given. Is it possible to do this?
Thanks,
Jonathan
More information about the Freeradius-Users
mailing list