wpa_supplicant/NM fallback to WPA?

Johannes Berg johannes
Tue May 6 12:24:41 PDT 2008

> No, I don't think that would be a good idea. Security policy should be
> to pick the best available (i.e., enabled at both ends) option and stick
> to it.. If you have to live with such a broken AP, I would assume you
> can configure wpa_supplicant to only allow WPA with it.. 

Right, of course I can, or I wouldn't be writing email right now. I'm
more worried about regular users ;)

> By the way, do
> you know which AP this is and could you please get me a debug log
> showing the failure if it actually goes further than association? I
> would like to know why it fails in RSN.

It's an "Arcor-Easy Box A 300 WLAN", no idea what's in that. I'll send
you a log in private, it essentially goes:

WPA: RX message 1 of 4-Way Handshake
WPA: Sending EAPOL-Key 2/4
WPA: RX message 3 of 4-Way Handshake
WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp

and simply continues like that.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20080506/c90eb651/attachment.pgp 

More information about the Hostap mailing list