Logging TLS versions for TTLS/EAP
Sven Hartge
sven at svenhartge.de
Sun Aug 13 17:09:14 CEST 2017
On 12.08.2017 18:43, Alan DeKok wrote:
> On Aug 12, 2017, at 2:56 PM, Sven Hartge <sven at svenhartge.de> wrote:
>> To gather a deeper insight in what TLS versions are used by clients
>> in our wireless network, I want to log what MAC address uses what
>> TLS version (and maybe cipher algorithm, but that is secondary)
>> during the PEAP or TTLS handshake.
>>
>> I guess a simple linelog would be sufficient for that task, but, I
>> must confess, I am a bit lost on what attributes to use for the TLS
>> version part, if there even *is* a way to log this information.
> It's available in src/main/tls.c, see tls_session_information(). But
> it's not available as an attribute.
I see, str_version is the interesting part. But my C-fu is too weak, I
couldn't even start to create a patch to put this into an attribute for
later consumption via unlang.
And running the production servers in debug mode is also not really
feasible.
So this is a dead end for me, isn't it?
Grüße,
Sven.
More information about the Freeradius-Users
mailing list