[RADIATOR] TLS Connection details
Heikki Vatiainen
hvn at open.com.au
Tue Aug 31 13:26:17 UTC 2021
Stefan Paetow wrote:
> I have a question about RadSec... is there any way in Radiator to
> track which version of TLS a client is attempting to use when
> connecting to my RadSec server? I can see that the EAP module has
> EAPTLS_TraceState, but does this exist for a RadSec AuthBy clause?
> :-)
It does not. I think it could be added, though. In addition to this,
there's also something new coming up.
> Or, if there’s a different way to track this (would I have to set a
> different trace level), I’d be interested to know :-)
This recent contribution to Net::SSLeay provides support for better
tracing of handshake messages:
https://github.com/radiator-software/p5-net-ssleay/pull/283
Here's an example from the ticket that shows how Curl does the same thing:
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
Net::SSLeay still needs a bit of additional work to get the message types
and handshake contents translated. When that's in, something like what is
shown above can be added to Radiator for tracing TLS based EAP methods and
TCP/SCTP streams.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
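
Added example, not part of the original message and not Radiator or Net::SSLeay code: a Python sketch of the translation step discussed above, turning a message's numeric content type and handshake type into the curl-style trace line, and reading the versions a ClientHello offers. A TLS 1.3 client still sends TLSv1.2 in legacy_version, so the supported_versions extension has to be checked as well. The function names, the argument layout (direction, version, content type, message bytes) and the sample ClientHello are assumptions constructed for illustration.

```python
import struct

# Code points come from the TLS RFCs; labels copy the curl trace quoted above
# (curl prints "Server finished" for type 14, server_hello_done in RFC 5246).
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
HANDSHAKE = {1: "Client hello", 2: "Server hello", 11: "Certificate",
             12: "Server key exchange", 14: "Server finished",
             16: "Client key exchange", 20: "Finished"}
CONTENT = {20: ("TLS change cipher", {1: "Change cipher spec"}),
           22: ("TLS handshake", HANDSHAKE)}

def trace_line(outgoing, version, content_type, buf):
    """Format one message given its direction, version, content type and bytes."""
    label, names = CONTENT.get(content_type, ("Unknown", {}))
    code = buf[0] if buf else -1
    return "* %s (%s), %s, %s (%d):" % (
        VERSIONS.get(version, hex(version)), "OUT" if outgoing else "IN",
        label, names.get(code, "Unknown"), code)

def offered_versions(hello):
    """Return the TLS versions a ClientHello handshake message offers."""
    try:
        if hello[0] != 1:
            raise ValueError("not a ClientHello")
        legacy = struct.unpack_from("!H", hello, 4)[0]
        pos = 4 + 2 + 32                                    # header, legacy_version, random
        pos += 1 + hello[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
        pos += 1 + hello[pos]                               # compression_methods
        end = pos
        if pos != len(hello):                               # extensions are optional
            end = min(len(hello), pos + 2 + struct.unpack_from("!H", hello, pos)[0])
        pos += 2
        while pos + 4 <= end:
            ext, size = struct.unpack_from("!HH", hello, pos)
            body = hello[pos + 4:pos + 4 + size]
            if ext == 43 and body:                          # supported_versions
                count = min(body[0], len(body) - 1) // 2
                return [VERSIONS.get(v, hex(v))
                        for v in struct.unpack_from("!%dH" % count, body, 1)]
            pos += 4 + size
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return [VERSIONS.get(legacy, hex(legacy))]

def sample_hello(extensions=b""):
    """Constructed ClientHello: legacy_version TLSv1.2, one cipher suite."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(extensions)) + extensions if extensions else b""
    return b"\x01" + len(body).to_bytes(3, "big") + body
```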