FreeRADIUS, radsec and dnssec

Stefan Winter stefan.winter at
Fri Apr 7 20:06:23 CEST 2017

Hi again,

> There's (secure) Server/Client-initiated TLS renegotiation (both ways
> are possible). That happens inband without tearing down the session.

Which, by way of practicalities, is probably not even needed. A change
of cert typically means putting a new PEM file on the file system and
*restarting the server* to pick up the new file. That tears down any
sessions and re-establishes them with the new cert. Problem solved :-)

But hey, if not, Secure TLS Renegotiation comes to your rescue anyway.


Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me