Force update of TLS cache

Jonathan Gazeley Jonathan.Gazeley at
Mon Feb 29 14:34:03 CET 2016

In our EAP-PEAP sessions, the typical conversation length is 10 packets. 
We have TLS caching enabled, but I noticed the TLS cache is populated 
during packet 4, which is before processing has started on the tunneled 

Is it possible to force an update of the cache entry from the 
inner-tunnel server e.g. to add attributes that are only available at 
this stage? I attempted to call an update by doing this in the 
inner-tunnel server:

update control {
     Cache-TTL := 0

This caused authentications to fail with "cache_tls_session (fail)" and 
no further information is given. Is it possible to do this?


More information about the Freeradius-Users mailing list