Reg H2E without password identifier
Jouni Malinen
j at w1.fi
Thu Mar 11 17:33:46 GMT 2021
On Wed, Mar 10, 2021 at 11:34:19PM +0000, RAGHAVENDRA SADARAMACHANDRA (rsadaram) wrote:
> I am running latest hostapd in H2E only mode using following hostapd.conf.
> ….
> sae_pwe=1
> sae_groups=19
> sae_password=example secret
>
> Latest Wpa_supplicant is not connecting to H2E only mode AP, if I use wpa_supplicant.conf with only “sae_password=example secret”
Are you leaving the sae_pwe to its default value, i.e., H2E disabled, in
wpa_supplicant configutation?
> Wpa_supplicant throws:
> 1615416250.587683: wlp5s0: Selecting BSS from priority group 0
> 1615416250.587690: wlp5s0: 0: f8:a2:d6:bc:d0:51 ssid='raghu-test-h2e' wpa_ie_len=0 rsn_ie_len=20 caps=0x411 level=-39 freq=2437
> 1615416250.587700: wlp5s0: selected based on RSN IE
> 1615416250.587704: wlp5s0: SAE H2E disabled
> 1615416250.587708: wlp5s0: skip - rate sets do not match
This indicates that wpa_supplicant has SAE H2E disabled and cannot join
the network that mandates use of H2E.
> If I use password identifier then it works. Following config works.
> Hostapd.conf:
> sae_password=example secret|id=pw identifier
>
> wpa_supplicant.conf:
> sae_password="example secret"
> sae_password_id="pw identifier"
Specifying SAE Password Identifier will automatically enable H2E since
the standard allows password identifier to be used only with H2E.
> Is there a way to test wpa_supplicant and hostapd without using pwd identifier?
Yes, you'll just need to enable SAE H2E in wpa_supplicant configuration
(sae_pwe=1 or sae_pwe=2).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list