EAP-TLS (EAP-Transport Layer Security) is defined in RFC 5216 & considered as most secure EAP methods used in WLAN. EAP-TLS is required to use client-side certificates in addition to server-side certificate. However maintain a client-side certificates is challenging (maintain PKI infrastructue & manage client certs).
Here is the EAP-TLS process. (page 152 of CWSP Study Guide)
As you can see above, there is no tunnel establishes for inner authentication to take place like any other EAP methods (PEAP, FAST,TTLS). There is an optional privacy mode available where TLS handshake established prior to client identity is passed (not implemented by vendors).
Here is a packet capture of a supplicant using EAP-TLS for authentication. Supplicant is having MAC 00:20:a6:ca:6b:b4
Here is the details of the EAP-TLS frame exchange. Like any other EAP methods first two frames are “Identity Request (step 4a)” & “Identity Response (step 4b)” excluding optional EAPOL start frame.
Here is the EAP-Identity Response frame (4b) send by Supplicant. Note that outer identity is go as cleartext.
Then AS will send “EAP-TLS start” frame to supplicant as shown below. Note that type 13 identify “TLS” & code 1 identify as “Request” frame.
Then Supplicant start validating the server certificate process (step 5a) with a “Client Hello” frame. Below shows the detail steps involved in Server & Client Certificate validation.(image source)
Here is the Client Hello frame.
Then AS sending certificate with Server-Hello, Certificate, Certificate Request, Server-Hello-Complete. As you can see server certs will use fragmented frames as of the size of cert.(in my example 3 fragmented frames 51,55 & 59).
Once Server Hello Done, AS start the client certificate verification (step 5b). Supplicant sent client certificate,client key exchange, Cert Verification, Change Cipher spec (again there are more than fragments in my capture-62,66).
Here is the change cipher spec (frame 68) send by Authenticating Server.
Here is the EAP-Response frame send by Supplicant to complete the Client Certificate (step 5b) process.
Finally AS will send RADIUS Accept (or Reject) where inturn Authenticator convert it to EAP-Success(or Failure) frame (step 7). Here is my EAP Success frame (Code 3).
This point, 4-Way Handshake starts (step 8-11 & frames 74,76,78,80).
Reference
1. EAP-TLS sample packet capture.
2. CWSP Official Study Guide – Chapter 4
Related Posts
1. CWSP- EAP Basics
2. CWSP- EAP PEAP
3. CWSP- EAP FAST
4. CWSP- EAP LEAP
5. CWSP- EAP TTLS
6. CWSP- EAP MD5
mrn-cciew 
Hi Rasika,
Really nice description I ever found for ELS .
I have one simple question , When will device(Iphone connect over wifi) get IP address (I mean to say after authentication or before authenitcation )?
Many Thanks,
Brijesh Patel
Only after Authentication
HTH
Rasika
Thank you
Please tell me how to identify if server has authenticate itself in the process.
if the server is trying to authenticate itself then it uses the NEAT protocol. NEAT use the CISP for that.
Hello Rasika,
Thank you for explaining the process with the captures. Its really helpful.
Regards,
Kalidass
Hi there,
Very interesting post. Presumably the packet capture was taken at the client so the communication between AS and the Authenticator is not shown?
For example, when you say, “Then AS will send “EAP-TLS start” frame to supplicant” the frame that’s shown in your explanation is the 802.1x frame that’s proxied between Authenticator and Supplicant?
If a capture was taken between AS and Authenticator for the “EAP-TLS start” would this be in a RADIUS packet? so:
EthII – IP – UDP – RADIUS – EAP – TLS start
Thank you.
Yes, I have taken capture at client side
Rasika
Hi,
if wrong credentials were given for example certificates in EAP-TLS, where the failure occurs and what is the message we can observe in the sniffer.
Thanks and regards,
Venkat
Hello Rasika,
How AS comes to know that Supplicant is requesting authentication if EAPOL start message not sent(It is an optional)?
Regards,
Rajasekhar