Mutual EAP-TTLS Authentication

Jouni Malinen j
Tue Sep 23 03:02:24 PDT 2008

On Mon, Sep 22, 2008 at 12:58:05PM +0200, Martin Schneider wrote:

> we're trying to perform mutual EAP-TTLS authentication of client and
> server with the following setup:

> The question is: is mutual authentication really possible with the
> latest developer releases of hostapd / wpa_supplicant and if yes,
> could please somebody provide us with example config files? Maybe we
> didn't find the parameters needed for the desired effect...

What exactly do you mean with "mutual authentication" here? The common
use case for EAP-TTLS is to authenticate the server during the TLS
handshake (X.509 certificate verified against a trusted CA) and client
during Phase 2 using username/password. Are you trying to use client
certificate during TLS handshake? If yes, what would you expect to see
in Phase 2?

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list