PEAP vs. TTLS and forward secrecy (was: Re: WPA2 Client Authentication using Radius and remote LDAP server)

Alan Buxey alan.buxey at
Sat Sep 22 12:45:20 CEST 2018

Both can also , depending on client and server, trust anchoring (crypto
binding). TTLS has the advantage of being able to carry/tunnel a whole load
of sub types (though commonly only around 4 are supported by clients and


On Thu, 20 Sep 2018, 15:27 Hans-Christian Esperer, <hc at> wrote:

> Hi,
> On Thu, Sep 20, 2018 at 06:43:29AM -0400, Alan DeKok wrote:
> > On Sep 20, 2018, at 2:15 AM, Hans-Christian Esperer <hc at>
> wrote:
> > > Is there any advantage of TTLS over PEAP security wise?
> >
> >   Not a lot.  They're both based on EAP-TLS, so they share that security.
> Okay, thank you. I know this is not related to this thread anymore, but
> could
> you elaborate a bit on the "Not a lot"?
> Another question, while we're at it: I just read about WPA3 and realized
> that
> WPA2-PSK does not offer forward secrecy. AFAICT EAP-TLS, TTLS and PEAP *do*
> provide forward secrecy, as long as the TLS handshake establishes a
> session key
> via diffie hellman. Correct?
> Now I wonder whether EAP-PWD, which uses a PSK per user, also provides
> forward
> secrecy? My assumption is that it doesn't.
> Thanks
>  HC
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list