Stefan Paetow wrote:
> I have a question about RadSec... is there any way in Radiator to
> track which version of TLS a client is attempting to use when
> connecting to my RadSec server? I can see that the EAP module has
> EAPTLS_TraceState, but does this exist for a RadSec AuthBy clause?
> :-)

It does not. I think it could be added, though. In addition to this,
there's also something new coming up.

> Or, if there’s a different way to track this (would I have to set a
> different trace level), I’d be interested to know :-)

This recent contribution to Net::SSLeay provides support for better
tracing of handshake messages:
https://github.com/radiator-software/p5-net-ssleay/pull/283
Here's an example from the ticket that shows how Curl does the same thing:
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
Net::SSLeay still needs a bit of additional work to get the message types
and handshake contents translated. When that's in, something like what is
shown above can be added to Radiator for tracing TLS-based EAP methods and
TCP/SCTP streams.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
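
The translation step discussed in the message above, as an added example that is not part of the original message and is not Radiator or Net::SSLeay code. The function names are hypothetical, the argument order of trace_line is assumed to mirror OpenSSL's message callback (write_p, version, content_type, buf), and offered_versions reads the supported_versions extension because a TLS 1.3 client still sends TLSv1.2 as its legacy version.

```python
import struct

# Names as printed in the curl trace above (type 14 shows as "Server finished").
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
CONTENT = {20: "TLS change cipher", 22: "TLS handshake"}
MESSAGES = {(20, 1): "Change cipher spec", (22, 1): "Client hello",
            (22, 2): "Server hello", (22, 11): "Certificate",
            (22, 12): "Server key exchange", (22, 14): "Server finished",
            (22, 16): "Client key exchange", (22, 20): "Finished"}

def vname(v):
    return VERSIONS.get(v, "0x%04x" % v)

def trace_line(write_p, version, content_type, buf):
    """Format one message like the trace above (assumed callback arguments)."""
    kind = CONTENT.get(content_type, "TLS type %d" % content_type)
    name = MESSAGES.get((content_type, buf[0]), "Unknown")
    return "* %s (%s), %s, %s (%d):" % (
        vname(version), "OUT" if write_p else "IN", kind, name, buf[0])

def offered_versions(hello):
    """Return the versions offered by a ClientHello handshake message."""
    try:
        if hello[0] != 1:
            raise ValueError("not a ClientHello")
        body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
        legacy = struct.unpack_from("!H", body, 0)[0]
        pos = 2 + 32                                       # version, random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression
        if pos + 2 > len(body):                            # no extensions
            return [vname(legacy)]
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == 43:                                # supported_versions
                count = body[pos + 4] // 2
                vals = struct.unpack_from("!%dH" % count, body, pos + 5)
                return [vname(v) for v in vals]
            pos += 4 + elen
        return [vname(legacy)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

# Constructed sample: a minimal TLS 1.3-capable ClientHello, not a capture.
SAMPLE_HELLO = (b"\x01\x00\x00\x34\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01"
                b"\x01\x00\x00\x09\x00\x2b\x00\x05\x04\x03\x04\x03\x03")
```

For the constructed sample, offered_versions returns TLSv1.3 and TLSv1.2 even though the legacy version field reads TLSv1.2, which is why logging only the version of the Client hello under-reports what modern clients attempt.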