Dear all,
I want to clarify my understanding of the EAP-TLS protocol.
(from RFC 5216 Section 2.1.4.)
When both the peer and the server support privacy, mutual authentication will
occur as follows:
Two TLS handshakes will occur.
In the first:
- Only the server will send its certificate and request the client's certificate.
- The client will respond with an empty certificate and does not verify the server
certificate.
- The client will generate the pre-master secret, master secret and session keys.
- The client will send its pre-master secret encrypted with the server's public key.
- The client will send the Finished message encrypted with the session key.
- The server also generates the secrets and session key.
The subsequent normal TLS handshake occurs within the tunnel??
All traffic during this (second, normal) TLS handshake will be encrypted with the
session keys just generated!??
After the second TLS handshake succeeds, new pre-master and master secrets and
session keys will be generated!??
Only these newly generated session keys are used afterwards!??
This method is like other tunneled methods, but with EAP-TLS as the inner
method!? Is that right?
Please correct me if I am wrong.
Any help would be greatly appreciated
Thank you
bakyt
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
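As an added illustration (my own code, not from this thread, RFC 5216 or any EAP-TLS implementation), the following Python model traces the two-handshake privacy flow of RFC 5216 section 2.1.4 from the viewpoint of an on-path observer. All TLS cryptography is replaced by labelled stand-ins (an HMAC-based key derivation, a keystream-plus-MAC record protection, a hash in place of the RSA-encrypted pre-master secret), and the certificate values are constructed strings. What it makes visible is the property the privacy mode is for: the peer's certificate only ever appears inside records protected by the first handshake's session key, while the server's certificate is sent in the clear, and the second handshake yields a different session key that becomes the active one.

```python
import hashlib
import hmac
import os

# Stand-ins for TLS cryptography (toy code, NOT real TLS).
def derive_session_key(pre_master, client_random, server_random):
    """PRF-like stand-in: pre-master -> master secret -> session key."""
    master = hmac.new(pre_master, b"master secret" + client_random + server_random,
                      hashlib.sha256).digest()
    return hmac.new(master, b"key expansion" + server_random + client_random,
                    hashlib.sha256).digest()

def protect(key, plaintext):
    """Record-protection stand-in: SHA-256 keystream XOR plus an HMAC tag."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(plaintext) // 32 + 1))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Wire:
    """Everything an on-path observer can capture, record by record."""
    def __init__(self):
        self.records = []  # (handshake_no, message_name, protected?, bytes_on_wire)

    def send(self, handshake_no, name, payload, key=None):
        on_wire = protect(key, payload) if key is not None else payload
        self.records.append((handshake_no, name, key is not None, on_wire))

    def cleartext(self):
        """Concatenation of every unprotected record body."""
        return b"".join(r[3] for r in self.records if not r[2])

def eap_tls_privacy_exchange(peer_cert, server_cert):
    """Model of RFC 5216 s2.1.4: handshake 1 with an empty peer certificate_list,
    then a server-initiated second handshake carried inside the first session."""
    wire = Wire()
    # Handshake 1: server certificate is in the clear; peer sends an empty list.
    cr1, sr1, pms1 = os.urandom(32), os.urandom(32), os.urandom(48)
    wire.send(1, "ClientHello", cr1)
    wire.send(1, "ServerHello+Certificate+CertificateRequest+ServerHelloDone",
              sr1 + server_cert)
    wire.send(1, "Certificate (empty certificate_list)", b"")
    # Stand-in for the RSA-encrypted pre-master secret (hash, not real encryption).
    wire.send(1, "ClientKeyExchange", hashlib.sha256(server_cert + pms1).digest())
    key1 = derive_session_key(pms1, cr1, sr1)
    wire.send(1, "Finished (peer)", b"verify_data_peer_1", key=key1)
    wire.send(1, "Finished (server)", b"verify_data_server_1", key=key1)
    # Handshake 2: every record rides inside the protection established by handshake 1.
    cr2, sr2, pms2 = os.urandom(32), os.urandom(32), os.urandom(48)
    wire.send(2, "HelloRequest", b"", key=key1)
    wire.send(2, "ClientHello", cr2, key=key1)
    wire.send(2, "ServerHello+Certificate+CertificateRequest+ServerHelloDone",
              sr2 + server_cert, key=key1)
    wire.send(2, "Certificate (peer certificate)", peer_cert, key=key1)
    wire.send(2, "ClientKeyExchange", hashlib.sha256(server_cert + pms2).digest(), key=key1)
    wire.send(2, "CertificateVerify", hashlib.sha256(peer_cert + cr2 + sr2).digest(), key=key1)
    key2 = derive_session_key(pms2, cr2, sr2)
    # After ChangeCipherSpec the Finished messages already use the new key.
    wire.send(2, "Finished (peer)", b"verify_data_peer_2", key=key2)
    wire.send(2, "Finished (server)", b"verify_data_server_2", key=key2)
    return {"wire": wire, "key1": key1, "key2": key2, "active_key": key2}

def peer_cert_visible_in_clear(result, peer_cert):
    return peer_cert in result["wire"].cleartext()

if __name__ == "__main__":
    # Constructed sample certificates (placeholders, not real DER).
    res = eap_tls_privacy_exchange(b"PEER-CERT-constructed", b"SERVER-CERT-constructed")
    for hs, name, protected, body in res["wire"].records:
        print(f"HS{hs} {'protected' if protected else 'CLEAR    '} {len(body):4d}B  {name}")
    print("peer cert in clear:", peer_cert_visible_in_clear(res, b"PEER-CERT-constructed"))
    print("new key after handshake 2:", res["key1"] != res["key2"])
```

Running it prints one line per record; the first handshake's Hello, server Certificate and ClientKeyExchange records are marked CLEAR, everything from the HelloRequest onward is marked protected, and the peer certificate never shows up in the cleartext stream.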