(Tunneled TLS) - is an EAP-Type for authentication that employs a two-phase authentication process. In the first phase the Authentication Server is authenticated to the Supplicant using an X.509 certificate. Using TLS, a secure channel is established through which the Supplicant can be authenticated to the Authentication Server using legacy PPP authentication protocols such as PAP, CHAP, and MS-CHAP. EAP-TTLS has the advantage over EAP-TLS that it only requires a certificate at the Authentication Server. It also makes possible forwarding of Supplicant requests to a legacy RADIUS server. EAP-TTLS also supports identity hiding where the Authenticator is only aware of the anonymous username used to establish the TLS channel during the first phase but not the individual user authenticated during the second phase.

EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Service) authentication is a type of mutual authentication where just the server sends a digital certificate to identify itself to the clients. See also EAP and EAP-TLS.

An EAP type implementing TLS to secure a tunnel in which a Diameter-based transaction is performed to provide authentication.