Certificate Details Outside TLS Tunnel

FreeRAD yetifreerad at gmail.com
Sun Oct 20 18:41:37 UTC 2024


Thanks for the info!

On Sat, 19 Oct 2024 at 13:24, Alan DeKok <aland at deployingradius.com> wrote:

> On Oct 18, 2024, at 11:49 AM, FreeRAD <yetifreerad at gmail.com> wrote:
> >
> > If I run a TCPDump from one of the clients that is sending Auth-Requests
> > to my RADIUS server, I have noticed that in the Access-Challenge messages
> > back from the server you can see certificate details that I have put in
> > the various cnf files in etc/freeradius/3.0/certs. For example, I can see
> > the 'organizationName' and 'emailAddress' from the server.cnf file amongst
> > other details and strings of hashed data within the TCPDump output.
> >
> > I know that the tunnel won't have been established at this point so this
> > in particular wouldn't be hiding those details, but is there a need for
> > them to be exposed? And if not where would I look to configure my server
> > to hide these details from external entities? I know RADSec is preferred
> > but wasn't sure if this information was exposed on purpose.
>
>   That's how TLS works.  You will see the same thing for HTTPS connections
> which don't use TLS 1.3.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
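
An added example, not part of the original thread or of FreeRADIUS: it walks the TLS records of a server flight and lists the handshake messages an on-path observer can read, showing the Certificate in clear before TLS 1.3 and hidden in TLS 1.3. It assumes the EAP-TLS fragments from the Access-Challenge packets have already been reassembled into one TLS byte stream; all function names and sample bytes are constructed for illustration.

```python
import re
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20
NAMES = {2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}

def plaintext_handshake(stream: bytes) -> bytes:
    """Join handshake-record payloads seen before any ChangeCipherSpec."""
    out, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            break  # handshake records after this point are encrypted
        if ctype == HANDSHAKE:
            out += payload  # messages may span records, so reassemble first
    return out

def visible_messages(stream: bytes):
    """Return [(name, body)] for handshake messages an observer can read."""
    data, pos, msgs = plaintext_handshake(stream), 0, []
    while pos + 4 <= len(data):
        mlen = int.from_bytes(data[pos + 1:pos + 4], "big")
        body = data[pos + 4:pos + 4 + mlen]
        if len(body) < mlen:
            break  # truncated capture
        msgs.append((NAMES.get(data[pos], f"type {data[pos]}"), body))
        pos += 4 + mlen
    return msgs

def leaked_strings(stream: bytes, min_len: int = 6):
    """Printable runs (subject fields etc.) in a cleartext Certificate message."""
    return [m.decode() for name, body in visible_messages(stream)
            if name == "Certificate"
            for m in re.findall(rb"[ -~]{%d,}" % min_len, body)]

def record(ctype, payload):  # builds a constructed TLS record
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def hs(mtype, body):  # builds a constructed handshake message
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample data: placeholder bytes, not a valid DER certificate.
FAKE_CERT = b"\x30\x20\x0c\x0bExample Org\x16\x11admin@example.org"
CERT_MSG = hs(11, (len(FAKE_CERT) + 3).to_bytes(3, "big")
              + len(FAKE_CERT).to_bytes(3, "big") + FAKE_CERT)
HELLO = hs(2, b"\x03\x03" + bytes(36))
TLS12_FLIGHT = record(22, HELLO + CERT_MSG[:20]) + record(22, CERT_MSG[20:] + hs(14, b""))
TLS13_FLIGHT = record(22, HELLO) + record(20, b"\x01") + record(23, bytes(64))
```

In the constructed TLS 1.3 flight everything after ServerHello travels in application_data records, so the parser finds no Certificate message to read.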

