Logging EAP-PEAP/TTLS TLS version and Ciphers
Alan DeKok
aland at deployingradius.com
Wed Mar 13 16:27:15 CET 2019
On Mar 13, 2019, at 10:50 AM, Sven Hartge <sven at svenhartge.de> wrote:
>
> To evaluate how many clients use which TLS version and what cipher has
> been negotiated between freeradius and supplicant, I want to log those
> values via linelog. (To get an idea, if and when it is feasible to
> tighten the cipher_list and TLS versions supported.)
This information isn't exposed in v3.
> I've been looking through dictionary.freeradius.internal and know about
> TLS-Cert-* and TLS-Client-Cert-*, but those of course don't contain the
> information I seek. (No client cert for PEAP/TTLS and I already know all
> about the server cert, no need to log them.)
>
> Is there any attribute I missed or an xlat I need to do to get this into
> a log message?
You'll need to edit the source to add this information as attributes.
Alan DeKok.
More information about the Freeradius-Users
mailing list