Security update for configurations with TLS; FreeRADIUS intentionally
skips inner authentication for TLS resumption, however it allows a
session to be resumed before the initial connection has authenticated,
allowing access without auth to a malicious supplicant. CVE-2017-9148,
See http://seclists.org/oss-sec/2017/q2/342
Workaround: set "enabled = no" in the cache section of raddb/mods-enabled/eap.
a4d4b9922a