[PATCH] wpa_supplicant: Do not associate on 6GHz with invalid AP

Jouni Malinen j at w1.fi
Thu Mar 3 15:00:56 PST 2022

On Fri, Mar 04, 2022 at 12:53:39AM +0200, Andrei Otcheretianski wrote:
> On the 6GHz band the following is not allowed, so do not
> allow association with an AP that advertises support for
> these:
> - Pairwise or group cipher that include WEP/TKIP
> - Support for WPA PSK AKMs
> - Support for SAE AKM without H2E
> In addition do not allow association if the AP does not
> advertise a matching RSN IE or does not declare that
> it is MFP capable.

I can understand the part about rejecting an AP if a mandatory security
option is not available (RSN, SAE without H2E, or WEP/TKIP as the group
cipher), but why would the station need to enforce protocol compliance
for the AP for things like PSK AKMs or pairwise cipher suites that are
enabled on top of the required features? That sounds more like protocol
testing for AP than normal station functionality.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list