Resuming a user cached session with EAP-TTLS

Alan DeKok aland at deployingradius.com
Mon Jan 23 18:02:16 UTC 2023


On Jan 23, 2023, at 11:07 AM, florentvercourt at gmail.com wrote:
> Ok, I'll try to look at my switch config to see if I find parameters to store
> sessions.

  The switch doesn't store TLS session tickets.  It's the end user machine: Windows, iPhone, etc.

> Can you please indicate to me the lines of the logs in my previous
> message in which the resumption ticket is sent? Thank you very much.

  It's buried inside of the TLS data.  Use Wireshark to do protocol decoding.

>> Read the RFCs if you're wondering how TTLS works.
> 
> I have already read them, but I just wanted to know what the best practice is.

  The best practice is to understand how things work before you go poking at irrelevant details.

  It doesn't matter how TTLS uses "length" or what the TLS session ticket looks like.  It matters to know that the switch doesn't store the TLS session tickets.

  Alan DeKok.
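
Added example, not part of the message above and not FreeRADIUS code: a sketch of the decoding Wireshark performs to reach a session ticket, peeling the EAP header, the EAP-TTLS flags byte and the TLS record layer to find the NewSessionTicket handshake message. It assumes TLS 1.2 or earlier, where the server sends the ticket in cleartext before ChangeCipherSpec (with TLS 1.3 the ticket is sent encrypted and is not visible this way); all function names and the sample bytes are constructed for illustration.

```python
import struct

EAP_TYPE_TTLS = 21               # EAP method type for EAP-TTLS (RFC 5281)
FLAG_LENGTH = 0x80               # "L" flag: a 4-byte TLS message length follows
TLS_CCS, TLS_HANDSHAKE = 20, 22  # TLS record content types
HS_NEW_SESSION_TICKET = 4        # handshake message type (RFC 5077)

def ttls_tls_data(eap: bytes) -> bytes:
    """Strip the EAP and EAP-TTLS headers and return the TLS bytes carried."""
    _code, _ident, length, eap_type = struct.unpack("!BBHB", eap[:5])
    if eap_type != EAP_TYPE_TTLS:
        raise ValueError("not an EAP-TTLS packet")
    offset = 10 if eap[5] & FLAG_LENGTH else 6
    return eap[offset:length]

def find_session_tickets(eap_packets):
    """Reassemble EAP fragments, walk TLS records, return (lifetime, ticket) pairs."""
    stream = b"".join(ttls_tls_data(p) for p in eap_packets)
    handshake, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, rlen = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype == TLS_CCS:
            break  # records after ChangeCipherSpec are encrypted
        if ctype == TLS_HANDSHAKE:
            handshake += stream[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    tickets, pos = [], 0
    while pos + 4 <= len(handshake):
        htype, hlen = handshake[pos], int.from_bytes(handshake[pos + 1:pos + 4], "big")
        body = handshake[pos + 4:pos + 4 + hlen]
        if htype == HS_NEW_SESSION_TICKET and len(body) >= 6:
            lifetime, tlen = struct.unpack("!IH", body[:6])
            tickets.append((lifetime, body[6:6 + tlen]))
        pos += 4 + hlen
    return tickets

def sample_packets():
    """Constructed sample: one TLS 1.2 server flight split over two EAP fragments."""
    ticket = b"constructed-ticket"
    nst = struct.pack("!IH", 7200, len(ticket)) + ticket
    hs = bytes([HS_NEW_SESSION_TICKET]) + len(nst).to_bytes(3, "big") + nst
    tls = (struct.pack("!BHH", TLS_HANDSHAKE, 0x0303, len(hs)) + hs
           + bytes.fromhex("140303000101")         # ChangeCipherSpec record
           + bytes.fromhex("1603030004deadbeef"))  # stand-in for encrypted Finished
    first, rest = tls[:20], tls[20:]
    return [struct.pack("!BBHBBI", 1, 7, 10 + len(first), 21, 0xC0, len(tls)) + first,
            struct.pack("!BBHBB", 1, 8, 6 + len(rest), 21, 0x00) + rest]
```

The ticket travels from the RADIUS server to the supplicant inside these TLS bytes; the switch only relays the EAP packets, which is why it has nothing to store.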
