diff --git a/autotests/misc/certs/cert-client-key-md5-des.pem b/autotests/misc/certs/cert-client-key-md5-des.pem
new file mode 100644
index 00000000..e3edfc58
--- /dev/null
+++ b/autotests/misc/certs/cert-client-key-md5-des.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQMwDgQI4Jws4ZHp7oQCAggABIIEyGImScBCorOX2u/F
+ISGvMBLavYPfA1f349fcfPfjbMeTLtrubuFfSYJDrB1KaP4oWsK3RA8AjuNtP49N
+fWjaAD6E9YTcNPVODgqNaoeslatqszPEqsqfx+vz1inTc+dyZ8ZYTWDlWAFSC33B
+k6z5CX68YdujTI9hBtkwAJuCoSSIKJNM7duSXzlxM3IfCfzRn4BuO+8usdxqrc5A
+p1R+LvDehIeOrQxkpJE3oHPq1xcCG4/WOnHWwRlmHmQIc2Z+ZLdgFjXYLvmNG58B
+PcBAxWjppmZZMXiMqIoZxqQ7hBhwqI2wxCFYAihf4cgn6bT37sv0CeNPjRHfftpr
+3tWgSeqLbov7Sfm5f1tq3AhJ3om8aaHEL8vUexs0j9mKhJyM0gyel+d1pHSi9/Ka
+U/qNk2KzhZl4+/p7ngjkK8or7IDgbRQWzRXac6uxnvhDRuCZWWAjgzq7A9KdjMCf
+T0+OX9USpOl2/cQSeKdRY5xKLBudQGilMvKZwd+rxBMkDBCwl+fj5HX1Tcj085kv
+CSEOpA90HvqI9VvdxPw0KKWTc/d3FgWKVVzEqtVUCbtDGXZnv3Kt9F05zoX/wL2k
+PkCd7yQouCYxPevVVz1kus5mwWHaZbEUW6S9GUSeZXs/Itb9Jwl9X6m1G9e393U+
+FQb95dfDzP1zQzemLJ+Iu6rkmKNC6x1pC+hNG3jy5QRoQ9wB4WV4q3JRHFUECEgd
+CAN52Saz9f7qt1MmoNPM0fSS+ovh08KoABEI7mp8s9fFj0b7x9h/zlRgigNKp+JE
+N9/51OSopajlse0ly+1zb8I2iOGeA3U4cvZG5mEP+kstJvdD4PYgx9cWDm6EDKmN
+4nIL48aNoWFxa7MGJsmQo56QmGAxG7lZusVu4lYUvHQsmqDQWhqBz1k/f4GzioN0
+7wslyuElIrZyRugYdh+Epy7WbXRi9nBhwuWpOx8TnwOszWIfJT7NLWH+/SaVzuG4
+IsR1gnaQ5HLPyXxuaJkzcZs7EOG5S5MT7tDW9i72RZUiUPGztmhOLxkYrH/r3UCa
+8Agc1nYXs8VH9sV+LMMGdCVoY/RwJvZwf13fqnLcmIA4iI8cDf1beUVm1JvdgIL/
+5Pbxyh2sAzyk/DIFD6yCQUacBKkR3EAXPG9gm5jebjHOU+gxSt69e3jgA1BvuoS5
+S3xLePrZnGZuPjM2PQX6LW1wWBtNlhbqWAkyeL3YwEwv2FjluFqALB/He/MaNly3
+UXFULImo8C/2UF9y9hgoSuamFqlKtgaNBUlqNPxX0EQmyCuqBEGYaouZ2TzPfZ44
+Jf6p6sQZeEmklEIDkaC9DvAGU7DPRfxolLpYHvdHQTwnjKMbFkg7FSAzzdNiKKeR
+nEnCkaofA2FASfQaZvOkewACaZfqJ1FCSsoetYq2Ulf8o1f8j/QM+JIq4p0DIybz
+4gsBmg05xufNiZNqZrrFc0/HcZkT3ahgtY+TMzU8d0hAS7roFNlM2lpaE69HJeTZ
+rhRO7/VAU2Kb0bQI5UWe4yfvbPBmmaxw06lPahlBAEgqeULwfVWBPafjSyq8vPag
+9RzpwSASqL6dv89qdOPE0JioA9xZ3cemlVOgqzd04AkdnDf3flGCJa6O9BujGm72
+8t0TmXLstK7YNaxQYA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/autotests/misc/certs/cert-client-key-v2-des-ede3.pem b/autotests/misc/certs/cert-client-key-v2-des-ede3.pem
new file mode 100644
index 00000000..e94d345b
--- /dev/null
+++ b/autotests/misc/certs/cert-client-key-v2-des-ede3.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVG6rLrQ+fVgCAggA
+MBQGCCqGSIb3DQMHBAizDQ76m4Q4ZQSCBMh50R/dRYR4agewBCpNNVYIHV/wotfZ
+PhhwcJQFZMmp50rCI9rh13w8TSr+KDreXTY+XzvqFS7fbB0JV3QWlv2wvqkAFXoJ
+CYlE40WXg5Qd2H849IyLEil8J5mvoZohDZYNk82zi+PSvkvxJ8d1RJIiHHhmReeC
+0+rDHd9C+Xr2MVBOMA+gimx/P3qtS4jI0qjmzyUiorHa9lvY5qzxbMibi4mEAjBy
+VWviWHszpCwKVapODFlG2r5R2wvmhp4GUGSigi7KtL7hijEbsh4CW2RqYLR733Nx
+WdsyIc4sD3908ttfQSmsSt6vchAMkelwFizGSEFLMsCne3MGjVsLpVitg6nswl6N
+pvngZu0zaggWFVPRIt+vIimeHrujzoiUuzDizjOVzCiyRkrFuJEMwN3l/AaSxUiG
+lOWga1Eb+McH3oJNU1WtrL7gDwfmKFc26D7xNMnGLcdYxfM1F98XfM3FVswaHdC7
+0uTmEmMdhpoNw4CWai37NpigW01cDnxMMpFuX0yTU8GUU/JkBgZ4NHE1sTZrFiOf
+mMr83waumMGwwChhZAd1qDRB35c1HLvVqBt3HkdcyCZP1JBxG4QLrw7IVzG+knlj
+QdrBC/lDNA15wG27v5hRUVEoeFRJkOllUlSqfh0PmJw2t32BP8dS6EsM8eTpnQ7R
+ysqO5CVZ3WTNFwIZ7wD8zmaBOamkZ1OzOluYFL5sBHGRM05pSEsYOivsi7tlp5Gj
+ZQjR+qSKLT34R4QxWhziWgNC/ynjVuWNWX67p1T/ngsM9kGa6cm84XbHQL7CqUyX
+H7vOWtWHGCclS1Ori5vjFP8/qdOVGMpiKnX8HvoBv6zxJvfMYNAz39MMewlfHdCa
+vEvBVwxLYRxbaL1IGNUebXVyn7JNRhuDm1SDNU1ADj8GW4AL5+22D9xArz8Lnkrj
++lvHm1NMIckciFYHraKmIPeJLiLIxDJ1SX+WgJGLo+P0W2TJLHAnQl5a1KzJOsIq
+/y35Q4mFLX0JE4mzAj2S1bsVate4FZpnKqVT0mfN5/UPSnQOpJKRSTYV9QJm1mGb
+gtdvwSvSniyjSSP/MAB+M7C0N4syC4N4sXYXJTKcM3CN/tN4ASycpkWRvXXLWRsj
+BuQq9z50ojdnx+twu2eG3eYRAGjEW7yOD3GHPQOtCx3IQDptmzYf2v4rk9x+IFfT
+L0ZfmyVevXgm9zjHI9s64Ok1g/6SL8lO+wszfjDs1zEgrMRfoVoKOBrWN7fYKiKi
+GBUeaZ9HgcM1ha/a63N1LPK9OPR2w4qh+DpCLpfvhzZN6IRv1oFddws8jwye1pJb
+1Po33NxHUfsOTX+lpc61NOEua7s3/Wu5gm0jBrX5c/aKCfXMsJHzW+0wl4SAXDog
+3Cl29/NAMSQDpQP9A91QSwHYkyzk4rBLcrbx6bQfFSHOqdl2dto+UJfiz+5PzD7s
+I7k72LGzrfIOq4brLbrLIGwj/ani/vvSZnXYzx3uUeP9w1EZSgNKC9HLBW7lyav3
+IlY7HAO2GMVlIdzynHPT3wMXtLqf/ykO+tkrEF4LjOu9r+cdhCxHum22vlgZKL7J
+J044ViKBro0CWL1wajpFQOvG/BG4VDJ/dfGee0iBr4R+CIkaUwVTCdRsibyZRM8E
+FL0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/autotests/testEAP-TLS/connection_test.py b/autotests/testEAP-TLS/connection_test.py index 172e3f55..816b04e3 100644 --- a/autotests/testEAP-TLS/connection_test.py +++ b/autotests/testEAP-TLS/connection_test.py @@ -6,14 +6,26 @@ import sys sys.path.append('../util') import iwd from iwd import IWD +from iwd import PSKAgent from iwd import NetworkType import testutil +import hostapd class Test(unittest.TestCase): - def test_connection_success(self): + def do_test_connection_success(self, ssid, passphrase=None): wd = IWD() + if passphrase: + psk_agent = PSKAgent(passphrase) + wd.register_psk_agent(psk_agent) + + hostapd_ifname = None + for ifname in hostapd.hostapd_map: + if ssid + '.conf' in hostapd.hostapd_map[ifname].config: + hostapd_ifname = ifname + break + devices = wd.list_devices(); self.assertIsNotNone(devices) device = devices[0] @@ -21,15 +33,16 @@ class Test(unittest.TestCase): condition = 'not obj.scanning' wd.wait_for_object_condition(device, condition) - device.scan() - - condition = 'not obj.scanning' - wd.wait_for_object_condition(device, condition) + if not device.get_ordered_networks(): + device.scan() + condition = 'obj.scanning' + wd.wait_for_object_condition(device, condition) + condition = 'not obj.scanning' + wd.wait_for_object_condition(device, condition) ordered_networks = device.get_ordered_networks() - ordered_network = ordered_networks[0] + ordered_network = [n for n in ordered_networks if n.name == ssid][0] - self.assertEqual(ordered_network.name, "ssidEAP-TLS") self.assertEqual(ordered_network.type, NetworkType.eap) condition = 'not obj.connected' 
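Review bot: The lookup `[n for n in ordered_networks if n.name == ssid][0]` fails with a bare IndexError when the requested SSID is absent, and the new guard `if not device.get_ordered_networks():` skips the scan as soon as any network is listed, so a list that lacks the target is accepted as is. Collecting the matches first and asserting on them, `matches = [n for n in ordered_networks if n.name == ssid]` then `self.assertTrue(matches, 'no scan result for ' + ssid)`, gives a readable failure. `hostapd_ifname` also stays `None` when no hostapd config matches and is only consumed later in the method, outside this hunk, so `self.assertIsNotNone(hostapd_ifname)` directly after the loop would catch a bad SSID early. The method body continues past the end of the hunk.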
@@ -41,16 +54,30 @@ class Test(unittest.TestCase): wd.wait_for_object_condition(ordered_network.network_object, condition) testutil.test_iface_operstate() - testutil.test_ifaces_connected() + testutil.test_ifaces_connected(hostapd_ifname, 'wln3') device.disconnect() condition = 'not obj.connected' wd.wait_for_object_condition(ordered_network.network_object, condition) + if passphrase: + wd.unregister_psk_agent(psk_agent) + + def test_eap_tls(self): + self.do_test_connection_success('ssidEAP-TLS') + + def test_eap_tls2(self): + self.do_test_connection_success('ssidEAP-TLS2') + + def test_eap_tls3(self): + self.do_test_connection_success('ssidEAP-TLS3', 'abc') + @classmethod def setUpClass(cls): IWD.copy_to_storage('ssidEAP-TLS.8021x') + IWD.copy_to_storage('ssidEAP-TLS2.8021x') + IWD.copy_to_storage('ssidEAP-TLS3.8021x') @classmethod def tearDownClass(cls): diff --git a/autotests/testEAP-TLS/hw.conf b/autotests/testEAP-TLS/hw.conf index 0cbda377..44cd4239 100644 --- a/autotests/testEAP-TLS/hw.conf +++ b/autotests/testEAP-TLS/hw.conf @@ -1,6 +1,8 @@ [SETUP] -num_radios=2 +num_radios=4 tmpfs_extra_stuff=../misc/certs [HOSTAPD] rad0=ssidEAP-TLS.conf +rad1=ssidEAP-TLS2.conf +rad2=ssidEAP-TLS3.conf diff --git a/autotests/testEAP-TLS/ssidEAP-TLS2.8021x b/autotests/testEAP-TLS/ssidEAP-TLS2.8021x new file mode 100644 index 00000000..8314e7f7 --- /dev/null +++ b/autotests/testEAP-TLS/ssidEAP-TLS2.8021x @@ -0,0 +1,7 @@ +[Security] +EAP-Method=TLS +EAP-TLS-CACert=/tmp/certs/cert-ca.pem +EAP-TLS-ClientCert=/tmp/certs/cert-client.pem +EAP-TLS-ClientKey=/tmp/certs/cert-client-key-md5-des.pem +EAP-TLS-ClientKeyPassphrase=abc +EAP-Identity=abc@example.com diff --git a/autotests/testEAP-TLS/ssidEAP-TLS2.conf b/autotests/testEAP-TLS/ssidEAP-TLS2.conf new file mode 100644 index 00000000..ebb0f36b --- /dev/null +++ b/autotests/testEAP-TLS/ssidEAP-TLS2.conf 
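Review bot: `wd.unregister_psk_agent(psk_agent)` at the end of `do_test_connection_success` runs only if every wait and assertion before it passes, so a failed or timed-out `test_eap_tls3` leaves the agent registered. Scheduling the cleanup at the point of registration (in the earlier hunk) with `self.addCleanup(wd.unregister_psk_agent, psk_agent)` covers the failure paths as well. The new cases also exercise only successful decryption of the client key; a case that hands the agent a wrong passphrase and expects the connection to fail would confirm that the passphrase is actually checked. The literal `'wln3'` passed to `testutil.test_ifaces_connected` presumably follows from `num_radios=4` in hw.conf, and a short comment naming which radio it refers to would save the reader that inference.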
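Review bot: Nothing in ssidEAP-TLS2.8021x (or ssidEAP-TLS3.8021x later in this commit) records which key-decryption path the file is meant to exercise; the reader has to infer from the key file names that one pairs a PBES1 MD5/DES key with `EAP-TLS-ClientKeyPassphrase` in the file and the other a PBES2 des-ede3 key with the passphrase left out so that the agent is asked. If the settings parser accepts `#` comment lines, a leading line such as `# PKCS#8 key, PBES1 MD5+DES; passphrase read from this file (test fixture only)` would make that explicit. Both fixtures use DES-family ciphers; whether an AES-based PBES2 key is covered elsewhere is not visible in this diff, and if it is not, a third fixture would cover the scheme that current tools commonly produce.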
@@ -0,0 +1,12 @@
+hw_mode=g
+channel=2
+ssid=ssidEAP-TLS2
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/certs/eap-user-tls.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
diff --git a/autotests/testEAP-TLS/ssidEAP-TLS3.8021x b/autotests/testEAP-TLS/ssidEAP-TLS3.8021x
new file mode 100644
index 00000000..f0e2dddd
--- /dev/null
+++ b/autotests/testEAP-TLS/ssidEAP-TLS3.8021x
@@ -0,0 +1,6 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
+EAP-Identity=abc@example.com
diff --git a/autotests/testEAP-TLS/ssidEAP-TLS3.conf b/autotests/testEAP-TLS/ssidEAP-TLS3.conf
new file mode 100644
index 00000000..ebbeab13
--- /dev/null
+++ b/autotests/testEAP-TLS/ssidEAP-TLS3.conf
@@ -0,0 +1,12 @@
+hw_mode=g
+channel=3
+ssid=ssidEAP-TLS3
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/certs/eap-user-tls.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
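Review bot: `wpa=3` in ssidEAP-TLS2.conf and ssidEAP-TLS3.conf enables WPA and WPA2 together, and neither file sets `wpa_pairwise` or `rsn_pairwise`, so the pairwise cipher is left to hostapd's default, which its sample configuration documents as TKIP for WPA. If the mixed mode only mirrors the existing ssidEAP-TLS.conf (not shown here), a one-line comment saying so is enough. Otherwise `wpa=2` with `rsn_pairwise=CCMP` would pin the fixtures to the cipher suite that deployed networks use and keep the EAP-TLS tests independent of hostapd defaults.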