1.4.3.1 EAP-PEAP TLS

The phase 1 authentication is the same as in EAP-PEAP. The second phase of the PEAP conversation consists of another complete EAP-TLS conversation (as shown in Figure 1-6) occurring within the TLS session negotiated in the PEAP phase 1. Since all packets sent within the PEAP phase 2 conversation occur after TLS session establishment, they are protected using the negotiated TLS cipher suite.