RFC 9190 · PROPOSED STANDARD · 2022 SUN · 14 JUN 2026

EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3

By J. Preuß Mattsson, M. Sethi · Published February 2022 · DOI 10.17487/RFC9190

Overview

RFC 9190, “EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3”, is a Proposed Standard document published in February 2022 by J. Preuß Mattsson, M. Sethi. It updates RFC 5216. It has since been updated by RFC 9965. The canonical text is published by the RFC Editor.

Abstract

The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security and privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking when compared to EAP-TLS with earlier versions of TLS. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216.

Abstract as published in the RFC, via rfc-editor.org.

What “Proposed Standard” means

An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.

Read this RFC

The canonical text of RFC 9190 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.

Read on rfc-editor.org Plain text › HTML › IETF Datatracker › DOI link ›

Relationships to other RFCs

This RFC updates: RFC 5216
Updated by: RFC 9965

Other RFCs from 2022

Abstract

What “Proposed Standard” means

Who Is Online