TLS Session Resumption with Proxy in Inner-Tunnel Not Working

Alan DeKok aland at deployingradius.com
Fri Feb 21 18:28:56 UTC 2025


On Feb 21, 2025, at 1:04 PM, MERLE Pierrick (Chef de projet réseau) - SG/DNUM/MSP/DIS/GIR via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I am currently using FreeRADIUS 3.2.x as a RADIUS proxy to forward EAP-PEAP/MSCHAPv2 authentication requests to a backend Microsoft NPS server. The setup is working correctly, but I am facing an issue with TLS session resumption when using a proxy in the inner-tunnel: Attributes are never saved in the tls cache.

  There's no reason why it shouldn't work.

> When I use this setup without any proxy at all, TLS session resumption just works as expected.
> 
> Is TLS session resumption supported when using FreeRADIUS as a proxy for the inner authentication?
> If so, how can I properly cache the TLS session in this scenario?

  If you configure it, it should work.  The code to save / restore session resumption data is independent of the inner-tunnel proxying.  It's part of the TLS connection setup instead.

  Please post the full debug log for a situation where the session resumption doesn't work.  The code is FULL of debug messages which explain when / why it's saving sessions, or not.

  Alan DeKok.


