How to cache the EAP-TLS session-state in redis
James Fan
polysorb at gmail.com
Mon Jun 17 08:33:59 UTC 2024
Thanks for answering my question.
I still have a specific question regarding the configuration of multiple
server instances.
If we have multiple FreeRADIUS server instances with a load balancer in
front of them, how do we ensure the TLS session is successful? The
handshake requests will be sent to different servers, which will cause the
session mismatching issue.
Do we need to use the load balancer settings, or is the FreeRADIUS server
able to handle this?
On Tue, Jun 11, 2024 at 11:51 AM Arran Cudbard-Bell via Freeradius-Users <
freeradius-users at lists.freeradius.org> wrote:
>
> Not how you want. AFAIK there's no way of serialising a SSL * (an OpenSSL
> TLS session) and transferring it to another server.
>
> You can serialise the TLS session resumption data and share it between a
> cluster, but your load balancer still needs to be capable of routing
> related requests to the same node for the initial authentication attempt.
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list