The following commands support RADIUS over TLS:
configure radius {mgmt-access | netlogin} [primary | secondary | index] server [host_ipaddr | host_ipV6addr | hostname] {udp_port | tls {tls_port}} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}
configure radius-accounting { mgmt-access | netlogin } [ primary | secondary | index ] server [ host_ipaddr | host_ipV6addr | hostname] {udp_port | tls {tls_port}} client-ip [ client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}
configure radius tls ocsp nonce [on | off]
configure radius tls ocsp [ on | off]
configure radius tls ocsp override [url | none]
configure radius tls ocsp signer ocsp-nocheck [on | off]
configure radius tls tcp-user-timeout [ seconds | default]