Mutual EAP-TTLS Authentication

Jouni Malinen j at w1.fi
Tue Sep 23 06:02:24 EDT 2008


On Mon, Sep 22, 2008 at 12:58:05PM +0200, Martin Schneider wrote:

> we're trying to perform mutual EAP-TTLS authentication of client and
> server with the following setup:

> The question is: is mutual authentication really possible with the
> latest developer releases of hostapd / wpa_supplicant and if yes,
> could please somebody provide us with example config files? Maybe we
> didn't find the parameters needed for the desired effect...

What exactly do you mean with "mutual authentication" here? The common
use case for EAP-TTLS is to authenticate the server during the TLS
handshake (X.509 certificate verified against a trusted CA) and client
during Phase 2 using username/password. Are you trying to use client
certificate during TLS handshake? If yes, what would you expect to see
in Phase 2?

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list