Martin Schneider
Wed Aug 13 07:10:38 PDT 2008

Hi Brian and others

> Differences between EAP-TLS and EAP-TTLS
> 1) EAP-TTLS is divided into 2 phases. In the first phase, it uses EAP-TLS to
> set up a tunnel. In this phase the client authenticates the server. The
> server is unable to authenticate the client because the client usually uses an
> anonymous id in the first phase. In the second phase, EAP-TTLS uses another
> authentication method (can be other EAPs or MS-CHAP) in the tunnel. In this
> phase, the client uses its actual identity. The server will authenticate
> the client. Therefore, mutual authentication is achieved. In contrast,
> EAP-TLS uses only one phase, which is the TLS handshake phase, to complete
> the mutual authentication. As a result, the identity is exposed in clear
> text in the first EAP-TLS message.

Ok, thanks for this explanation! So actually, I could say that phase 1
("Handshake phase") is the "outer" EAP method (EAP-TTLS) and phase 2
(the "Tunnel phase") is the inner EAP method, e.g. EAP-MD5 or MS-CHAP.
So EAP-TTLS *always* needs an "inner" EAP method for authenticating
the client...

> 3) If you are using EAP-TLS in the tunnel of EAP-TTLS, the
> authentication process will take slightly longer because EAP-TTLS will
> perform EAP-TLS twice: once for setting up the tunnel, and once inside the
> tunnel. EAP-TLS alone will only perform the message exchanges of one EAP-TLS
> run, using a smaller number of message exchanges. Of course, if the tunnel in
> EAP-TTLS is not using EAP-TLS, it will be another story.

Ok, so *basically* EAP-TTLS/EAP-TLS is like EAP-TTLS with the optional
client authentication of EAP-TTLS.

