
DOI: https://doi.org/10.17487/RFC5281
EAP-TTLS is an EAP (Extensible Authentication Protocol) method that encapsulates a TLS (Transport Layer Security) session, consisting of a handshake phase and a data phase. During the handshake phase, the server is authenticated to the client (or client and server are mutually authenticated) using standard TLS procedures, and keying material is generated in order to create a cryptographically secure tunnel for information exchange in the subsequent data phase. During the data phase, the client is authenticated to the server (or client and server are mutually authenticated) using an arbitrary authentication mechanism encapsulated within the secure tunnel. The encapsulated authentication mechanism may itself be EAP, or it may be another authentication protocol such as PAP, CHAP, MS-CHAP, or MS-CHAP-V2. Thus, EAP-TTLS allows legacy password-based authentication protocols to be used against existing authentication databases, while protecting the security of these legacy protocols against eavesdropping, man-in-the-middle, and other attacks. The data phase may also be used for additional, arbitrary data exchange. This memo provides information for the Internet community.