Confused about ssl caching
Alan DeKok
aland at deployingradius.com
Wed Jul 17 15:01:19 CEST 2019
On Jul 16, 2019, at 1:49 PM, Sven Hartge <sven at svenhartge.de> wrote:
> But: How? And what?
After looking into it, the answer is "badly" :(
> But what I am missing is a concrete example how a configuration would
> look, if you excuse my thickness.
It's pretty non-intuitive.
> Also, side note here: the native Debian packages in Debian 9 and 10 have
> tls-caching disabled at the source level because of CVE-2017-9148. Which
> means without recompilation you can't use this feature.
Debian also ships version of FreeRADIUS which are *years* out of date. Instead of using a recent release, they patch one from may years ago.
Updated packages are available at: http://packages.networkradius.com
Updated documentation and more friendly configuration is available at:
https://github.com/FreeRADIUS/freeradius-server/commit/a3c46544b38ab46218c385d0ee197538fad5b3da
You'll have to use the v3.0.x code from GitHub in order to get simpler TLS session caching.
Alan DeKok.
More information about the Freeradius-Users
mailing list