memcached and TLS resumption
James Potter
Jim.Potter at jisc.ac.uk
Thu Mar 28 14:28:09 UTC 2024
Hi Alan,
Ok, thanks for letting me know, I'll wait for v4 then.
Do you have an opinion on the merits of other approaches to use TLS session caches in a cluster? (NFS, rsync, ??)
Thanks,
Jim
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+jim.potter=jisc.ac.uk at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Thursday, March 28, 2024 11:01 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: memcached and TLS resumption
On Mar 28, 2024, at 5:12 AM, James Potter via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I’m trying to use memcached to do TLS session resumption. (FreeRad 3.2.1, Debian 11)
Unfortunately, v3.2 doesn't support that.
> What works:
>
> * eap-tls authentication (with OCSP)
> * tls session resumption works with a local cache – entries are created and then referenced correctly (if I define persist_dir in eap/cache)
> * I see an connections to (local) memcached daemon initialising at FreeRad startup
>
> But nothing gets written to Memcached. I’ve tried adding driver = “rlm_cache_memcached” to eap/cache (freeradius -Xxx says its unused).
Generally if it's not documented as working, then it doesn't work.
> It looks to me like the standard rlm_cache and the eap/cache are unrelated – is this correct?
Yes,
> (and then there is cache_eap…). Any pointers as to what I am missing here would be great.
We're making the EAP cache generic in v4, and it will support any method for caching the EAP data. But v4 is still at least a few weeks off :(
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list