If an EAP-TLS authentication doesn't make it to the end (if it is either rejected or aborted), the encryption keys are not exchanged and the connection will never be established.
Basic wireless authentication is open, WPA3-OWE, WEP, WPA-PSK, WPA2-PSK, WPA3-SAE, WPA-Enterprise, WPA2-Enterprise, WPA3-Enterprise. All can be with or without a captive portal. And I may have missed even some. WPA3 is not widely supported yet on the client side.
Then on the Enterprise authentication, that is based on EAP which has many variants of which only EAP-PEAP-MSCHAPv2 and EAP-TLS are widely supported. For pure LDAP authentication, you will need EAP-GTC, but that is not widely supported. EAP-SIM/EAP-AKA is sometimes used in Service Provider networks. I think this Wikipedia page has a pretty good overview.