wpa_supplicant: configuring opportunistic WPA3
Michele Guerini Rocco
rnhmjoj at eurofusion.eu
Tue Dec 28 02:38:15 PST 2021
Hi all,
I'm the maintainer of the NixOS module[^1] for wpa_supplicant.
I'd like to know if it's possible to write a network block that will
always work for to both WPA2 and WPA3 networks. Based on the
documentation I wrote:
network={
ssid="mynetwork"
psk="mypassword"
key_mgmt=SAE WPA-PSK
ieee80211w=1
}
This seem to work:
1. if the network is mixed SAE WPA-PSK, wpa_supplicant uses SAE
2. if the network is WPA-PSK or SAE only, wpa_supplicant uses that
However, if (in case 1.) SAE fails for some reason, wpa_supplicant
will not fallback to WPA-PSK but keep trying SAE forever.
This is an issue, for example, if the hardware lacks PMF support.
Is there a way to configure SAE opportunistically? Try SAE first,
if it succeeds use that, otherwise try another protocol.
Thank you,
rnhmjoj
[^1]: If you never heard of NixOS, that is basically a high-level
interface for generating wpa_supplicant config file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20211228/377416d5/attachment.sig>
More information about the Hostap
mailing list