PEAP vs. TTLS and forward secrecy (was: Re: WPA2 Client Authentication using Radius and remote LDAP server)

Alan DeKok aland at
Thu Sep 20 16:46:45 CEST 2018

On Sep 20, 2018, at 10:26 AM, Hans-Christian Esperer <hc at> wrote:
>>  Not a lot.  They're both based on EAP-TLS, so they share that security.
> Okay, thank you. I know this is not related to this thread anymore, but could
> you elaborate a bit on the "Not a lot"?

  They can both carry MS-CHAP inside of the TLS tunnel.  Only TTLS can do PAP or CHAP, or other EAP methods.  PEAP can do EAP-GTC, which is sort of PAP if you look hard enough.

  Both can do client certificates, though Windows doesn't support it.

> Another question, while we're at it: I just read about WPA3 and realized that
> WPA2-PSK does not offer forward secrecy. AFAICT EAP-TLS, TTLS and PEAP *do*
> provide forward secrecy, as long as the TLS handshake establishes a session key
> via Diffie-Hellman. Correct?
> Now I wonder whether EAP-PWD, which uses a PSK per user, also provides forward
> secrecy? My assumption is that it doesn't.

  Forward secrecy depends on the cipher suite you select.  So "it all depends" is the best answer.

  Alan DeKok.
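A practical follow-up to "it all depends": the thing to check is the key-exchange part of each cipher suite the server's TLS stack is willing to negotiate for the EAP-TLS/PEAP/TTLS outer tunnel. The script below is an added example, not code from the mailing list or from the FreeRADIUS project. It assumes OpenSSL-style suite names (which is what FreeRADIUS hands to OpenSSL via the `cipher_list` setting in the `tls-config` section of `mods-available/eap`) and uses Python's `ssl` module to expand a cipher string the same way the server would, then splits the result into suites with and without an ephemeral (EC)DH exchange. The cipher string `FS_ONLY_CIPHER_LIST` is a suggested value, not one the post recommends.

```python
"""Audit an OpenSSL cipher string for forward secrecy.

Added example (not from the FreeRADIUS project or the mailing-list post).
Assumption: suite names follow OpenSSL's naming, e.g.
"ECDHE-RSA-AES128-GCM-SHA256" or "AES128-SHA" (no key-exchange token
means static RSA key transport).
"""
import ssl

# Key-exchange prefixes that derive a fresh (EC)DH secret per handshake.
# ECDHE-PSK-* and DHE-PSK-* also match and do keep forward secrecy.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

# TLS 1.3 suite names carry no key-exchange token; TLS 1.3 always runs
# (EC)DHE except in pure-PSK resumption ("psk_ke"), which OpenSSL servers
# do not offer by default. That caveat is not visible in the suite name.
TLS13_PREFIXES = ("TLS_AES_", "TLS_CHACHA20_")

# Suggested cipher_list for a FreeRADIUS tls-config block (assumption, not
# the project's default): only ephemeral key exchange, no anonymous or
# NULL-encryption suites, and static-RSA key transport explicitly removed.
FS_ONLY_CIPHER_LIST = "ECDHE:DHE:!aNULL:!eNULL:!kRSA"


def has_forward_secrecy(name: str) -> bool:
    """True if the suite negotiates an ephemeral (EC)DH secret.

    Anything not recognised as ephemeral (static RSA such as AES128-SHA,
    static ECDH such as ECDH-RSA-*, plain PSK-* / RSA-PSK-*) is treated
    conservatively as lacking forward secrecy.
    """
    if name.startswith(TLS13_PREFIXES):
        return True
    return name.startswith(EPHEMERAL_PREFIXES)


def classify_suites(names):
    """Split a list of suite names into those with and without forward secrecy."""
    result = {"with_fs": [], "without_fs": []}
    for name in names:
        key = "with_fs" if has_forward_secrecy(name) else "without_fs"
        result[key].append(name)
    return result


def audit_cipher_string(cipher_string: str):
    """Expand an OpenSSL cipher string as a TLS server would and classify it.

    Raises ssl.SSLError if the string matches no suite at all, which is
    also what OpenSSL would report back to the RADIUS server at startup.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return classify_suites([c["name"] for c in ctx.get_ciphers()])


if __name__ == "__main__":
    # Constructed sample: a mix of suites a RADIUS server might have enabled.
    sample = [
        "ECDHE-RSA-AES128-GCM-SHA256",  # ephemeral ECDH: forward secret
        "DHE-RSA-AES256-SHA",           # ephemeral DH: forward secret
        "AES128-SHA",                   # static RSA: server key compromise
                                        # decrypts old captures
        "PSK-AES128-CBC-SHA",           # plain PSK: no ephemeral secret
    ]
    for kind, suites in classify_suites(sample).items():
        print(kind, suites)

    print("OpenSSL DEFAULT without FS:",
          audit_cipher_string("DEFAULT")["without_fs"])
    print("FS-only list without FS:",
          audit_cipher_string(FS_ONLY_CIPHER_LIST)["without_fs"])
```

Run it against the exact string configured as `cipher_list` on the server; an empty `without_fs` list means every suite the outer TLS tunnel can negotiate uses an ephemeral exchange, regardless of which inner method (MS-CHAPv2, PAP, EAP-GTC, client certificate) runs inside it. Note that the check covers the tunnel only: it says nothing about a WPA2-PSK network, which has no TLS exchange at all.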
