Logging EAP-PEAP/TTLS TLS version and Ciphers

Alan DeKok aland at deployingradius.com
Wed Mar 13 16:27:15 CET 2019

On Mar 13, 2019, at 10:50 AM, Sven Hartge <sven at svenhartge.de> wrote:
> To evaluate how many clients use which TLS version and what cipher has
> been negotiated between freeradius and supplicant, I want to log those
> values via linelog. (To get an idea, if and when it is feasible to
> tighten the cipher_list and TLS versions supported.)

  This information isn't exposed in v3.

> I've been looking through dictionary.freeradius.internal and know about
> TLS-Cert-* and TLS-Client-Cert-*, but those of course don't contain the
> information I seek. (No client cert for PEAP/TTLS and I already know all
> about the server cert, no need to log them.)
> Is there any attribute I missed or an xlat I need to do to get this into
> a log message?

  You'll need to edit the source to add this information as attributes.

  Alan DeKok.

More information about the Freeradius-Users mailing list