EAP-TTLS and EAP-TLS in RADIUS: Which is more accepted?

Asked Sep 04 '19 at 14:11

Active Sep 04 '19 at 18:40

Viewed 279 times

From what I understand:

EAP-TTLS forces the RADIUS server to identify itself to a client with a certificate, but optionally a client to the server. All information about an end-user is encrypted through a tunnel.

EAP-TLS forces the RADIUS server and the client to identify themselves with a certificate. The end-user's name is exposed in cleartext.

Assuming this is correct;

Is it possible to force a TTLS configuration to authenticate both sides? If so, does that not simply make it objectively better than TLS?

Is the fact that TLS exposes usernames incredibly relevant on a private network?

In general, which is more accepted as "the way to do it"?

edited Oct 07 '21 at 07:59

Community

asked Sep 04 '19 at 14:11

Tim Morris

usernames tend not to be classified as private or protected information – schroeder Sep 04 '19 at 14:13
@schroeder I figured it's a privacy concern nonetheless. – Tim Morris Sep 04 '19 at 15:21
Why did you edit the question title? This question isn't primarily about exposed usernames. – Tim Morris Sep 04 '19 at 17:05
"accepted" in what way? – schroeder Sep 04 '19 at 17:07

EAP-TTLS and EAP-TLS in RADIUS: Which is more accepted?

0 Answers0