diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:41:52 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:41:52 +0000 |
| commit | de8bf9112695763664912e340b265fa898188460 (patch) | |
| tree | 9bcd5f8d45fc3b81174d3de8abfd573b68e9d7f6 /raddb/sites-available/tls | |
| parent | Adding debian version 3.2.3+dfsg-2. (diff) | |
| download | freeradius-de8bf9112695763664912e340b265fa898188460.tar.xz freeradius-de8bf9112695763664912e340b265fa898188460.zip | |
Merging upstream version 3.2.5+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'raddb/sites-available/tls')
| -rw-r--r-- | raddb/sites-available/tls | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls index 137fcbc..6eab1fe 100644 --- a/raddb/sites-available/tls +++ b/raddb/sites-available/tls @@ -56,12 +56,15 @@ listen { # type = auth+acct - # For now, only TCP transport is allowed. + # For now, only TCP transport is allowed. proto = tcp - # Send packets to the default virtual server + # Send packets to the default virtual server virtual_server = default + # + # We have clients specifically for TLS. + # clients = radsec # @@ -88,6 +91,22 @@ listen { # proxy_protocol = no # + # This configuration item should be enabled for all listen + # sections which do TLS. + # + # It is only disabled because we are careful about changing + # existing behavior in a stable release. + # + # Setting this configuration item to "yes" means that the + # server will be able to gracefully recover if a TLS + # connection is blocking at the network layer. + # + # Note that setting "nonblock = yes" is NOT possible for bare + # TCP connections. RADIUS/TCP should generally be avoided. + # +# nonblock = yes + + # # When this is set to "yes", new TLS connections # are processed through a section called # @@ -310,6 +329,11 @@ listen { tls_max_version = "1.3" # + # See mods-available/eap for documentation + # + ecdh_curve = "" + + # # Session resumption / fast reauthentication # cache. # @@ -514,6 +538,22 @@ home_server tls { proto = tcp status_check = none + # + # This configuration item should be enabled for all + # home_server sections which do TLS. + # + # It is only disabled because we are careful about changing + # existing behavior in a stable release. + # + # Setting this configuration item to "yes" means that the + # server will be able to gracefully recover if a TLS + # connection is blocking at the network layer. + # + # Note that setting "nonblock = yes" is NOT possible for bare + # TCP connections. RADIUS/TCP should generally be avoided. + # +# nonblock = yes + tls { # # Similarly to HTTP, the client can use Server Name |