How to cleanly shut down a PEAP TLS tunnel

Joe Garcia joe27256 at
Mon Sep 11 12:18:37 UTC 2023

Alan DeKok <aland at> wrote:

>If the client gets an Access-Accept, that's it.  The TLS session is over.
>There is no need to send the RADIUS server anything.

OK, thanks for that!  I was trying to avoid posting long debug traces to keep
the signal/noise ratio down, and you've explained what the issue is, the TLS
spec says you should perform proper termination with a close_alert but for the
purposes of the protocols it's being used with here it doesn't make sense.


More information about the Freeradius-Users mailing list