This is incorrect. PEAP-EAP-TLS encrypts the EAP-TLS certificate transfer with a PEAP Tunnel. Certificates are still required on both the client and server. There is just added security of a TLS tunnel prior to certificate exchange. PEAP-EAP-MSCHAPv2...