wpa_supplicant: configuring opportunistic WPA3

Michele Guerini Rocco rnhmjoj at eurofusion.eu
Tue Dec 28 02:38:15 PST 2021

Hi all,

I'm the maintainer of the NixOS module[^1] for wpa_supplicant.
I'd like to know if it's possible to write a network block that will
always work for to both WPA2 and WPA3 networks. Based on the
documentation I wrote:

    key_mgmt=SAE WPA-PSK

This seem to work:
  1. if the network is mixed SAE WPA-PSK, wpa_supplicant uses SAE
  2. if the network is WPA-PSK or SAE only, wpa_supplicant uses that
However, if (in case 1.) SAE fails for some reason, wpa_supplicant
will not fallback to WPA-PSK but keep trying SAE forever.
This is an issue, for example, if the hardware lacks PMF support.

Is there a way to configure SAE opportunistically? Try SAE first,
if it succeeds use that, otherwise try another protocol.

Thank you,


[^1]: If you never heard of NixOS, that is basically a high-level
interface for generating wpa_supplicant config file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20211228/377416d5/attachment.sig>

More information about the Hostap mailing list