Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Phase 1 of PEAP is a slightly modified implementation of EAP-TLS, as specified in [RFC5216], the only differences being:
A PEAP peer MAY send a certificate when requested by a PEAP server.
Implementations MUST set the Type field of the EAP packets to 25 (PEAP).
To ensure interoperability, PEAP peers and PEAP servers MUST be able to negotiate the following TLS cipher suites (as specified in [RFC2246] section A.5):
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS v1.3, specified in [RFC9427], SHOULD<8> be used for TLS Tunnel establishment. If TLS v1.3 is not supported, TLS v1.2 or earlier SHOULD<9> be used.
For more information on the semantics associated with phase 1 of PEAP, see sections 3.2.5.2 and 3.3.5.2.