memcached and TLS resumption

James Potter Jim.Potter at jisc.ac.uk
Thu Mar 28 14:28:09 UTC 2024


Hi Alan,

Ok, thanks for letting me know, I'll wait for v4 then.

Do you have an opinion on the merits of other approaches to use TLS session caches in a cluster? (NFS, rsync, ??)

Thanks,

Jim

-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+jim.potter=jisc.ac.uk at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Thursday, March 28, 2024 11:01 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: memcached and TLS resumption

On Mar 28, 2024, at 5:12 AM, James Potter via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I’m trying to use memcached to do TLS session resumption. (FreeRad 3.2.1, Debian 11)

  Unfortunately, v3.2 doesn't support that.

> What works:
> 
>  *   eap-tls authentication (with OCSP)
>  *   tls session resumption works with a local cache – entries are created and then referenced correctly (if I define persist_dir in eap/cache)
>  *   I see connections to (local) memcached daemon initialising at FreeRad startup
> 
> But nothing gets written to Memcached. I’ve tried adding driver = "rlm_cache_memcached" to eap/cache (freeradius -Xxx says it's unused).

  Generally if it's not documented as working, then it doesn't work.

> It looks to me like the standard rlm_cache and the eap/cache are unrelated – is this correct?

  Yes.

> (and then there is cache_eap…). Any pointers as to what I am missing here would be great.

  We're making the EAP cache generic in v4, and it will support any method for caching the EAP data.  But v4 is still at least a few weeks off :(

  Alan DeKok.
