Logging EAP-PEAP/TTLS TLS version and Ciphers

Sven Hartge sven at svenhartge.de
Wed Mar 13 15:50:06 CET 2019

Hi *,

(using freeradius 3.0.17)

To evaluate how many clients use which TLS version and what cipher has
been negotiated between freeradius and supplicant, I want to log those
values via linelog. (To get an idea, if and when it is feasible to
tighten the cipher_list and TLS versions supported.)

I've been looking through dictionary.freeradius.internal and know about
TLS-Cert-* and TLS-Client-Cert-*, but those of course don't contain the
information I seek. (No client cert for PEAP/TTLS and I already know all
about the server cert, no need to log them.)

Is there any attribute I missed or an xlat I need to do to get this into
a log message?


More information about the Freeradius-Users mailing list