Mutual TLS authentication in handshake phase of EAP-TTLS

Lewis Adam-VNQM87 VNQM87
Wed Mar 3 02:31:23 PST 2010

Hello again.

  Is there anybody who can advise me as to what I can do next? It would
be really useful to know whether mutual TLS authentication is supported
for TTLS. I don't know if the question is valid or not appropriate for
this forum. I appreciate that the functionality of eapol_test is not as
critical as that of the
but I would hope the answer would still be of general interest.

Adam Lewis

> -----Original Message-----
> From: Lewis Adam-VNQM87 
> Sent: Thursday, February 25, 2010 11:42 AM
> To: 'hostap at'
> Subject: Mutual TLS authentication in handshake phase of EAP-TTLS
> Hi,
>   apologies if this question has been answered elsewhere - I 
> looked but couldn't see anything, even in the "Mutual 
> EAP-TTLS Authentication" thread.
> I am currently looking at the eapol_test code to see if I can 
> use it as a RADIUS client. I have run eapol_test with various 
> EAP-TLS and EAP-TTLS configuration files, testing 
> successfully with a FreeRADIUS server. Looking at the 
> EAP-TTLS RFC 5281, I have read the following: 
> In EAP-TTLS, the TLS authentication may be mutual; or it may 
> be one-way, in which only the server is authenticated to the client.
> My question is, does eapol_test currently allow mutual TLS 
> authentication for EAP-TTLS? If so, how do I configure it (or 
> the configuration files) to do so? I believe the tunnelled 
> protocol can also be TLS but I want to avoid this as I need 
> to have the ability to verify users rather than the client 
> (e.g. by doing user/password checks).
> I'd appreciate any help you can give.
> Regards,
> Adam Lewis.
