From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 11 Apr 2023 12:50:55 +0000 (-0400)
Subject: document radiusv11 configuration
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db0efcc13392e31836dbb405379899f63ae898db;p=thirdparty%2Ffreeradius-server.git

document radiusv11 configuration
---

diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
index 137fcbc6cc..e58c784144 100644
--- a/raddb/sites-available/tls
+++ b/raddb/sites-available/tls
@@ -309,6 +309,17 @@ listen {
 		tls_min_version = "1.2"
 		tls_max_version = "1.3"
 
+		#
+		#  RADIUSv11 configuration
+		#
+		#  forbid  - just use normal RADIUS/TLS
+		#  allow   - use RADIUSv11 if the other end negotiates it
+		#  require - require the use of RADIUSv11 on this connection.
+		#
+		#  The default is "forbid"
+		#
+	#	radiusv11 = forbid
+
 		#
 		#  Session resumption / fast reauthentication
 		#  cache.
@@ -477,6 +488,8 @@ clients radsec {
 		#
 		secret = radsec
 
+	#	radiusv11 = forbid
+
 		#
 		#  You can also use a "limit" section here.
 		#  See raddb/clients.conf for examples.
@@ -550,6 +563,9 @@ home_server tls {
 		#
 	#	hostname = "example.com"
 
+
+	#	radiusv11 = forbid
+
 		private_key_password = whatever
 		private_key_file = ${certdir}/client.pem