Force update of TLS cache
Alan DeKok
aland at deployingradius.com
Mon Feb 29 15:01:47 CET 2016
On Feb 29, 2016, at 8:34 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
>
> In our EAP-PEAP sessions, the typical conversation length is 10 packets. We have TLS caching enabled, but I noticed the TLS cache is populated during packet 4, which is before processing has started on the tunneled authentication.

The session is cached when the TLS connection has been established.

> Is it possible to force an update of the cache entry from the inner-tunnel server, e.g. to add attributes that are only available at this stage? I attempted to call an update by doing this in the inner-tunnel server:
>
> update control {
>     Cache-TTL := 0
> }
> cache_tls_session
>
> This caused authentications to fail with "cache_tls_session (fail)" and no further information is given. Is it possible to do this?

It's better to update the cache in the outer post-auth section. The cache key is more likely to be the same.

Alan DeKok.