3.0.14 TLS Session Cache

Alan DeKok aland at deployingradius.com
Wed Jun 7 17:28:48 CEST 2017

On Jun 7, 2017, at 10:49 AM, Wussler, Doug <doug.wussler at fsu.edu> wrote:
> If I set the “name” and “persist_dir” parameters in the “cache” section of the “tls-config”
> in mods-enabled/eap, the TLS Session cache works as expected and users can perform a fast reconnect.
> But if I don’t care about the TLS cache persisting across a server reboot, am I supposed to be able
> to comment out the “persist_dir” parameter?

  Not in 3.0.14.  See the ChangeLog.

>  If I don’t set the “persist_dir” parameter, I cannot
> get the TLS session cache to work.

  Yes.  See the comments in raddbs/mods-available/eap.

>  If I don’t care about preserving this cache across a server
> reboot, I’m thinking it will be more efficient and less maintenance to use only an in-memory
> TLS cache.  Is an in-memory-only TLS cache an option or is it a requirement that it get written
> to and read from disk?

  It's now a requirement that it's written to disk.

  Alan DeKok.

More information about the Freeradius-Users mailing list