Editing Extensible Authentication Protocol (section)
===EAP Tunneled Transport Layer Security (EAP-TTLS)===
{{Redirect|TTLS|the children's song|Twinkle, Twinkle, Little Star}}
EAP Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends [[Transport Layer Security|TLS]]. It was co-developed by [[Funk Software]] and [[Certicom]] and is widely supported across platforms. Microsoft did not incorporate native support for the EAP-TTLS protocol in [[Windows XP]], [[Windows Vista|Vista]], or [[Windows 7|7]]. Supporting TTLS on these platforms requires third-party Encryption Control Protocol (ECP) certified software. [[Microsoft Windows]] started EAP-TTLS support with [[Windows 8]];<ref>[https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11) Extensible Authentication Protocol (EAP) Settings for Network Access]</ref> support for EAP-TTLS<ref>{{cite web|url=http://forums.wpcentral.com/windows-phone-8/200619-802-1x-eap-ttls-support.html |title=802.1x / EAP TTLS support? – Windows Phone Central Forums |publisher=Forums.wpcentral.com |access-date=2014-04-17}}</ref> appeared in Windows Phone [[Windows Phone 8.1|version 8.1]].<ref>{{cite web|url=https://technet.microsoft.com/library/dn643706.aspx |title=Enterprise Wi-Fi authentication (EAP) |publisher=Microsoft.com |access-date=2014-04-23}}</ref>

The client can, but does not have to, be authenticated to the server via a [[certificate authority|CA]]-signed [[public key infrastructure|PKI]] certificate. This greatly simplifies the setup procedure, since a certificate is not needed on every client.

After the server is securely authenticated to the client via its CA certificate, and optionally the client to the server, the server can use the established secure connection ("tunnel") to authenticate the client. It can use an existing and widely deployed authentication protocol and infrastructure, incorporating legacy password mechanisms and authentication databases, while the secure tunnel provides protection from [[eavesdropping]] and [[man-in-the-middle attack]]s. Note that the user's name is never transmitted in unencrypted clear text, improving privacy.

Two distinct versions of EAP-TTLS exist: the original EAP-TTLS (a.k.a. EAP-TTLSv0) and EAP-TTLSv1. EAP-TTLSv0 is described in {{IETF RFC|5281}}; EAP-TTLSv1 is available as an Internet draft.<ref>{{cite IETF|draft=draft-funk-eap-ttls-v1-01|title=EAP Tunneled TLS Authentication Protocol Version 1 (EAP-TTLSv1)}}</ref>
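
The tunnel protects the inner credentials and the user's name only when the client verifies the server certificate and sends a separate outer identity. The following added example (not part of the original article) audits a client configuration for those settings; it assumes a wpa_supplicant client, whose <code>ca_cert</code>, <code>ca_path</code>, <code>anonymous_identity</code> and certificate name-matching options are real settings, while the sample configuration, SSIDs, names and paths are constructed placeholders.

```python
import re

# Constructed wpa_supplicant.conf sample; SSIDs, names and paths are placeholders.
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    eap=TTLS
    identity="alice@example.org"
    phase2="auth=PAP"
}
network={
    ssid="corp-hardened"
    eap=TTLS
    anonymous_identity="anonymous@example.org"
    identity="alice@example.org"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
    phase2="auth=PAP"
}
'''
NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(conf):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", conf, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets

def audit_ttls(conf):
    """Map SSID -> findings for every network block that uses EAP-TTLS."""
    report = {}
    for net in parse_networks(conf):
        if "TTLS" not in net.get("eap", "").split():
            continue
        checks = (
            (net.get("ca_cert") or net.get("ca_path"), "server certificate is not verified"),
            (any(net.get(k) for k in NAME_KEYS), "server name in certificate is not checked"),
            (net.get("anonymous_identity"), "real identity is sent outside the tunnel"),
        )
        report[net.get("ssid", "?")] = [msg for ok, msg in checks if not ok]
    return report
```

Calling <code>audit_ttls(SAMPLE_CONF)</code> returns three findings for the first network block and none for the second.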