[RADIATOR] TLS Connection details

Heikki Vatiainen hvn at open.com.au
Tue Aug 31 13:26:17 UTC 2021

Stefan Paetow wrote:

> I have a question about RadSec... is there any way in Radiator to
> track which version of TLS a client is attempting to use when
> connecting to my RadSec server? I can see that the EAP module has
> EAPTLS_TraceState, but does this exist for a RadSec AuthBy clause?
> :-)

It does not. I think it could be added, though. In addition to this, 
there's also something new coming up.

> Or, if there’s a different way to track this (would I have to set a
> different trace level), I’d be interested to know :-)

This recent contribution to Net::SSLeay provides support for better 
tracing of handshake messages:


Here's an example from the ticket that shows how Curl does the same thing:

* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):

Net::SSLeay still needs a bit additional work to get the messages types 
and handshake contents translated. When that's in, something like shown 
above can be added to Radiator for tracing TLS based EAP methods and 
TCP/SCTP streams.


Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software

More information about the radiator mailing list