Certificate Details Outside TLS Tunnel

FreeRAD yetifreerad at gmail.com
Fri Oct 18 15:49:44 UTC 2024


If I run a TCPDump from one of the clients that is sending Auth-Requests to
my RADIUS server, I have noticed that in the Access-Challenge messages back
from the server you can see certificate details that I have put in the
various cnf files in etc/freeradius/3.0/certs. For example, I can see the
'organizationName' and 'emailAddress' from the server.cnf file amongst
other details and strings of hashed data within the TCPDump output.

I know that the tunnel won't have been established at this point so this in
particular wouldn't be hiding those details, but is there a need for them
to be exposed? And if not, where would I look to configure my server to hide
these details from external entities? I know RADSec is preferred but wasn't
sure if this information was exposed on purpose.

