Force update of TLS cache

Alan DeKok aland at
Mon Feb 29 17:30:41 CET 2016

On Feb 29, 2016, at 11:26 AM, Jonathan Gazeley <Jonathan.Gazeley at> wrote:
> The debug log shows that TLS-Session-Id is created in packet 4, in the outer authorize section.

  OK, so it should be available in the request.

  You may have to copy it to session-state, so it's available in later packets.  

> And it does this:
> (6)        update request {
> (6)          TLS-Session-Id skipped: No values available
> (6)        } # update request (noop)
> I don't understand why the attribute is not available later on in the same session.

  Because it's not being added to the session-state attributes.  Again, "request" is PER PACKET.  "session-state" is for the SESSION.

  Adding something to the request in packet 4 means ti's not available in the request in packet 6.  That's what the session-state is for.

  The default config should probably add TLS-Session-Id to session-state.  I'll take a look.  But for you, you'll have to do it manually.

  Alan DeKok.

More information about the Freeradius-Users mailing list