FreeRADIUS, radsec and dnssec
stefan.winter at restena.lu
Fri Apr 7 20:06:23 CEST 2017
> There's (secure) Server/Client-initiated TLS renegotiation (both ways
> are possible). That happens inband without tearing down the session.
Which, by way of practicalities, is probably not even needed. A change
of cert typically means putting a new PEM file on the file system and
*restarting the server* to pick up the new file. That tears down any
sessions and re-establishes them with the new cert. Problem solved :-)
But hey, if not, Secure TLS Renegotiation comes for your rescue anyway.
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users