Confused about ssl caching

Alan DeKok aland at
Wed Jul 17 15:01:19 CEST 2019

On Jul 16, 2019, at 1:49 PM, Sven Hartge <sven at> wrote:
> But: How? And what?

  After looking into it, the answer is "badly" :(

> But what I am missing is a concrete example how a configuration would
> look, if you excuse my thickness.

  It's pretty non-intuitive.

> Also, side note here: the native Debian packages in Debian 9 and 10 have
> tls-caching disabled at the source level because of CVE-2017-9148. Which
> means without recompilation you can't use this feature.

  Debian also ships version of FreeRADIUS which are *years* out of date.  Instead of using a recent release, they patch one from may years ago.

  Updated packages are available at:

  Updated documentation and more friendly configuration is available at:

  You'll have to use the v3.0.x code from GitHub in order to get simpler TLS session caching.

   Alan DeKok.

More information about the Freeradius-Users mailing list