如何配置我的wpa_supplicant来匹配它们？

I think a good starting place to fix this problem is the FreeBSD Manpage for wpa_supplicant.conf, which presents several examples, one of which is:

# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
network={
ssid="work"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="[email protected]"
ca_cert="/etc/cert/ca.pem"
client_cert="/etc/cert/user.pem"
private_key="/etc/cert/user.prv"
private_key_passwd="password"
}

This differs from your version of it in two key ways: there is a reference to AES encryption which was missing in your file (it is the CCMP mode, which is based on AES), and requires the existence of certificates. This last part is what leaves me befuddled in your Windows mask: in it there is no reference whatsoever to an authentication mechanism. There is no room for passwords (fair enough, it would not be WPA-EAP otherwise), but there is also no mention of certificates, which is what TLS needs.

In fact, from Wikipedia's page on TLS,

Transport Layer Security (TLS) .... use[s] X.509 certificates... As a consequence of choosing X.509 certificates, certificate authorities and a public key infrastructure are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates...

In other words, since your Windows mask is adamant that TLS is being used, somewhere there must be the certificates referred to in the wpa_supplicant.conf file I quoted above. I cannot go beyond this point.

Edit:

to address joelmaranhao's latest question, I quote again from FreeBSD Manpage for wpa_supplicant.conf:

证书某些EAP身份验证方法要求使用证书。EAP-TLS同时使用服务器端和客户端证书，而EAP-PEAP和EAP-TTLS仅需要服务器端证书。

编辑n。2：

.CER证书必须转换为.PEM格式。您甚至可以在这里在线进行。新的wpa_supplicant.conf中的最后一行正是此证书的位置。身份是您在服务器上的名称，密码又是您在wifi服务器上的密码。您确定peal标签为0吗？我在任何地方都找不到它，如果不起作用，请尝试使用peap-label = 1。