EAP-TLS Support

Other versions of this page are also available for the following:

  • Windows Mobile: Not Supported
  • Windows Embedded CE: Supported

8/28/2008

EAP-Transport Level Security (EAP-TLS) is an EAP type that is used for smart card or certificate-based authentication. The EAP-TLS exchange of messages provides mutual authentication, integrity-protected cipher suite negotiation, and private key exchange and determination between the access client and the authenticating server.

The following list shows the reasons that EAP-TLS using registry-based client certificates provides the strongest authentication for wireless connectivity:

  • EAP-TLS does not depend on the user account's password.
  • EAP-TLS authentication occurs automatically, usually with no intervention by the user.
  • EAP-TLS uses certificates, which provide a relatively strong authentication scheme.
  • The EAP-TLS exchange is protected with public key cryptography and is not susceptible to offline dictionary attacks.
  • The EAP-TLS authentication process results in mutually determined keying material for data encryption and signing.
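
The last point in the list can be made concrete with the key derivation that RFC 5216 specifies for EAP-TLS. The following is an added example, not code from this page or from Windows Embedded CE: it assumes the TLS 1.0 PRF (the page does not state a TLS version), the function names are hypothetical, and the secret and random values are constructed samples.

```python
import hmac

LABEL = b"client EAP encryption"  # fixed label from RFC 5216, section 2.3

def p_hash(alg, secret, seed, length):
    """TLS P_hash expansion: chain HMAC over A(i) until `length` bytes exist."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, alg).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret, XORed
    with P_SHA1 keyed with the second half."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha1_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def eap_tls_keys(master_secret, client_random, server_random):
    """Derive 128 bytes of EAP-TLS key material and split them per RFC 5216."""
    km = tls10_prf(master_secret, LABEL, client_random + server_random, 128)
    msk, emsk = km[:64], km[64:]
    return {
        "MSK": msk,                  # handed to the link layer for data protection
        "EMSK": emsk,                # reserved, never exported
        "Enc-RECV-Key": msk[:32],    # first half of the MSK
        "Enc-SEND-Key": msk[32:],    # second half of the MSK
    }

# Constructed sample values. In a real session the 48-byte master secret comes
# out of the certificate-authenticated TLS handshake and is never transmitted;
# only the two 32-byte randoms appear on the wire.
MASTER = bytes(range(48))
C_RAND = bytes([0xC1]) * 32
S_RAND = bytes([0x5E]) * 32

if __name__ == "__main__":
    # Client and server each run the same derivation on their own copy of the
    # handshake state, so the keys match without being sent to the other side.
    client_keys = eap_tls_keys(MASTER, C_RAND, S_RAND)
    server_keys = eap_tls_keys(MASTER, C_RAND, S_RAND)
    print("keys agree:", client_keys == server_keys)
    print("MSK:", client_keys["MSK"].hex())
```

No password enters the derivation at any point, so a captured exchange gives an attacker nothing to run a dictionary against. TLS 1.2 replaces the MD5/SHA-1 construction with a single SHA-256 based P_hash, but the label and the MSK/EMSK split stay the same.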

For more information about EAP-TLS, see Transport Level Security (TLS).

See Also

Concepts

EAP Support

Other Resources

Smart Card
Certificate Authentication
Certificates
Certificates OS Design Development