FreeRADIUS, radsec and dnssec
Stefan Winter
stefan.winter at restena.lu
Fri Apr 7 20:06:23 CEST 2017
Hi again,
> There's (secure) Server/Client-initiated TLS renegotiation (both ways
> are possible). That happens inband without tearing down the session.
Which, by way of practicalities, is probably not even needed. A change
of cert typically means putting a new PEM file on the file system and
*restarting the server* to pick up the new file. That tears down any
sessions and re-establishes them with the new cert. Problem solved :-)
But hey, if not, Secure TLS Renegotiation comes for your rescue anyway.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170407/b27ea88e/attachment.sig>
More information about the Freeradius-Users
mailing list