Mutual TLS authentication in handshake phase of EAP-TTLS

Lewis Adam-VNQM87 VNQM87
Thu Feb 25 03:42:11 PST 2010


  apologies if this question has been answered elsewhere - I looked but
couldn't see anything, even in the "Mutual EAP-TTLS Authentication"

I am currently looking at the eapol_test code to see if I can use it as
a RADIUS client. I have ran eapol_test with various EAP-TLS and EAP-TTLS
configuration files, testing successfully with a freeRADIUS server.
Looking at the EAP-TTLS RFC 5281, I have read the following: 

In EAP-TTLS, the TLS authentication may be mutual; or it may be one-way,
in which only the server is authenticated to the client.

My question is, does eapol_test currently allow mutual TLS
authentication for EAP-TTLS? If so, how do I configure it (or the
configuration files) to do so? I believe the tunnelled protocol can also
be TLS but I want to avoid this as I need to have the ability to verify
users rather than the client (e.g. by doing user/password checks).

I'd appreciate any help you can give.

Adam Lewis.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Hostap mailing list