Dealing with retransmitted EAPOL msg 3/4 and 4/4

Mathy Vanhoef vanhoefm at
Wed Mar 8 06:32:52 PST 2017

Thanks for the info.

On Wed, Mar 8, 2017 at 12:59 PM, Jouni Malinen <j at> wrote:
>> Linux allows unencrypted EAPOL frames, even if keys have been set. See
>> the function ieee80211_frame_allowed:
>> So the
>> client will receive the retransmitted 3/4. At least on Linux. While
>> this behavior may not be explicitly allowed by the standard, it does
>> not pose any (security) issues (AFIAK?). EAPOL frames are protected on
>> their own.
> That is needed for WPA, but with WPA2 (= RSN), unencrypted EAPOL frames
> are not supposed to be accepted after TK has been configured.

Interesting. Is it needed for some specific reason for WPA, or was it
just a requirement of the older WPA standard?

More information about the Hostap mailing list