Alan DeKok wrote: > David Mitchell wrote: >> I was searching back in the archives, and in September there was a user >> who reported a problem with session resumption. I'm seeing the exact >> same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never >> saw any follow up? Is there a fix known for this? I am using a locally >> compiled version of FreeRadius 2.1.7. It's linked against the system >> OpenSSL libraries though. Building a local 0.9.8k or even 1.0.0 is >> certainly an option if there is a chance it will help. > > There isn't a lot we can do. It's not clear *why* OpenSSL resumes > sessions when session resumption is disabled.
I did manage to find an easy workaround for this. Simply enabling the cache in eap.conf allows these connections to succeed. I think there may still be a bug somewhere, or maybe more than one. At a minimum it seems a bit foolish for wpa_supplicant to keep trying to do a fast reconnect after getting an Access-Reject. Whatever the root problem is, there is an easy workaround. I wanted to follow up primarily in case others find this thread in the future it will have a workaround. I'm guessing the only real downside to enabling the EAP cache is memory usage, which I'm not too worried about. -David Mitchell > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ----------------------------------------------------------------- | David Mitchell ([email protected]) Network Engineer IV | | Tel: (303) 497-1845 National Center for | | FAX: (303) 497-1818 Atmospheric Research | ----------------------------------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
