3.3.7.1 TLS Session Established Successfully

  • Article

If the TLS session established successfully:

inputParameter: TLS message

outputParameter:

  • CtxtHandle (a context handle returned by TLS layer)

  • isSessionResumed (a Boolean flag indicating whether the underlying TLS session is resumed (as defined in sections 7.3 and F.1.4 of [RFC2246]); TRUE indicates that the TLS session is resumed.)

This event will be received from the TLS layer in response to a TLS message passed to it by the PEAP layer during phase 1. If the currentState variable is not set to PEAP_PHASE1_INPROGRESS, ignore this event. Otherwise, the PEAP layer MUST do the following steps in sequence:

  1. Store the isSessionResumed to isFastReconnectAllowed.

  2. If isFastReconnectAllowed is set to TRUE, but the server is not able to start fast reconnect because of implementation-defined reasons, then prepare an EAP Identity request packet. Compress the packet as described in section 3.1.5.6. Set isFastReconnectAllowed to FALSE. Change currentState to INNER_IDENTITY_SENT. Go to Step 7.

  3. If isFastReconnectAllowed is set to TRUE, but the server cannot continue authentication because of implementation-defined reasons, then it MUST create an EAP TLV Extensions Method (section 2.2.8.1) packet with Result TLV (section 2.2.8.1.2) (the value field set to 2). Set isFastReconnectAllowed to FALSE. Change currentState to FAILURE_TLV_SENT. Got to Step 7.

  4. If isFastReconnectAllowed is set to FALSE, then prepare an EAP Identity Request packet. Compress the packet as described in section 3.1.5.6. Change currentState to INNER_IDENTITY_REQ_SENT. Go to Step 7.

  5. If isFastReconnectAllowed is set to TRUE and the isSoHEnabled field is set to TRUE, prepare a SoH EAP Extensions Method (section 2.2.8.2) packet with a SoH Request TLV (section 2.2.8.2.1) within it. Change currentState to WAIT_FOR_SOH_RESPONSE and proceed to step 7.

  6. If the above conditions are not satisfied, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 1) and if isCryptoSupported is set to TRUE, then add a Cryptobinding TLV (section 2.2.8.1.1) (with a value generated by server, as described in section 3.3.5.3). Change currentState to SUCCESS_TLV_SENT. Go to Step 7.

  7. Store the CtxtHandle returned by the TLS layer. Encrypt the packet generated above by passing it to the TLS layer using the EncryptMessage method, and after receiving the encrypted data, prepare a PEAP packet with the encrypted data as the Data field, and send it to the peer (see section 3.1.5.2.2). Change currentState to SUCCESS_TLV_SENT.