Force update of TLS cache

Alan DeKok aland at
Mon Feb 29 16:22:53 CET 2016

On Feb 29, 2016, at 10:09 AM, Jonathan Gazeley <Jonathan.Gazeley at> wrote:
> cache cache_tls_session {
>  driver = "rlm_cache_rbtree"
>  key = &TLS-Session-Id

  Which is the *outer* TLS-Sesson-Id.

  i.e. you can't use the module inside of the TLS tunnel, because the TLS-Session-Id doesn't exist.  That's why the module is failing.

  So... you've got to copy it:

server inner-tunnel {

	update request {
		TLS-Session-Id := &outer.request:TLS-Session-Id


> I don't think all of the lines in the update{} block are required - we were experimenting with what we could put into the cache.

  Anything.  They're just attributes.

  Alan DeKok.

More information about the Freeradius-Users mailing list