EAP-TLS is a bit different from conventional TLS in its use of the TLS Handshake and TLS Record layers. Usually, when you use TLS for, let's say, a web server authentication session, the TLS Handshake layer is used for authentication and key material derivation, and the TLS Record layer is then used to encrypt subsequent data frames in the above authentication session.
EAP-TLS, on the other hand, if let's say it's used with an 802.11 WLAN client to authenticate with a back-end RADIUS server, carries out the bilateral authentication using both client and server certs for credentials and derives all the necessary key material, which is then used for encrypting Class 3 data frames sent over the wireless link. Without deriving the master secret you will not have the key material necessary for deriving the unicast encryption keys.

-Areg A.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederic Evrard
Sent: Monday, July 12, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: TLS protocol question

Hello,

I'm using OpenSSL to do EAP-TLS authentication, and I have a question about something that seems strange to me. When you want to use TLS to mount an uncrypted tunnel, you need a session key, but in authentication you only need certificate checking?? Why generate the pre-master-key, master-key, etc. if data isn't encrypted after authentication? Is it just to respect the protocol?

Thanks

Fred.EVRARD
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
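The derivation the reply refers to, sketched as an added example that is not part of the original thread and is not OpenSSL code. It assumes the TLS 1.0/1.1 PRF (RFC 2246) and the EAP-TLS export label and MSK/EMSK split from RFC 5216, plus the 802.11i convention that the PMK is the first 32 bytes of the MSK; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(first half) XOR P_SHA1(second half)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def eap_tls_keys(master_secret, client_random, server_random):
    """Export EAP-TLS keys from the handshake's master secret (RFC 5216).

    No TLS record-layer traffic is needed: the master secret only seeds
    the keys handed to the link layer.
    """
    key_material = tls10_prf(master_secret, b"client EAP encryption",
                             client_random + server_random, 128)
    msk, emsk = key_material[:64], key_material[64:]
    # 802.11i: the PMK is the first 32 bytes of the MSK. The RADIUS server
    # sends it to the access point, and the 4-way handshake then derives
    # the per-session unicast keys from it.
    return {"msk": msk, "emsk": emsk, "pmk": msk[:32]}

if __name__ == "__main__":
    # Constructed sample values, not captured from a real handshake.
    master_secret = bytes(range(48))
    client_random = b"\x01" * 32
    server_random = b"\x02" * 32
    keys = eap_tls_keys(master_secret, client_random, server_random)
    print("PMK:", keys["pmk"].hex())
```

Both peers compute the same values independently, which is why the full handshake is run even though no application data is sent through the TLS record layer.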