[feature]: Support for RFC 9887 - TACACS+ over TLS 1.3 #5740

@pgiralt

What type of feature is needed?

Changed behavior to existing functionality

What is the feature?

TACACS+ over TCP uses MD5 for obfuscation of secrets on the network, and the use of a weak algorithm presents a security risk in modern networks. RFC 9887 addresses this problem by proposing a mechanism to transport TACACS+ traffic over a secure TLS 1.3 connection, eliminating the obfuscation mechanism defined in RFC 8907.

FreeRADIUS should add support for RFC 9887 by allowing users to authenticate a remote network device through the verification and authentication of the client certificate presented by the device as defined in the RFC.
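The RFC 8907 body obfuscation that the issue refers to, as an added example (not code from this issue or from FreeRADIUS): the pad is a chain of MD5 digests XORed over the packet body, so a bit changed on the wire changes the same bit of the decoded body and nothing flags it. The session id, key, and body are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5 pad, truncated to the body length.

    MD5_1 = MD5(session_id || key || version || seq_no)
    MD5_n = MD5(session_id || key || version || seq_no || MD5_{n-1})
    """
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """Obfuscate or de-obfuscate a body; both are the same XOR."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def flip_bit_in_transit(wire, index, mask=0x01):
    """Model one bit changing on the wire; no key is involved."""
    out = bytearray(wire)
    out[index] ^= mask
    return bytes(out)

# Constructed sample values, not taken from any real deployment.
SESSION_ID = 0x1A2B3C4D
KEY = b"constructed-shared-secret"
VERSION = 0xC0   # major version 0xc, minor version 0
SEQ_NO = 1
BODY = b"constructed packet body, longer than one MD5 block"

def demo():
    """Return (bytes on the wire, body the receiver decodes after a bit flip)."""
    wire = xor_body(BODY, SESSION_ID, KEY, VERSION, SEQ_NO)
    changed = flip_bit_in_transit(wire, 5)
    received = xor_body(changed, SESSION_ID, KEY, VERSION, SEQ_NO)
    return wire, received

if __name__ == "__main__":
    wire, received = demo()
    print("sent    :", BODY)
    print("received:", received)
    # The receiver has no MAC or checksum to compare against, so the
    # altered body is accepted as-is. TLS 1.3 record protection closes this gap.
    print("differs :", received != BODY)
```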

Labels: feature enhancement (category: a new feature, an extension of functionality)
