Bug#1003907: fails to successfully associate

Michael Biebl biebl at debian.org
Mon Mar 21 03:25:48 PDT 2022

Some more data points:

Disabling NetworkManager completely and using wpasupplicant alone with 
the following config:


does indeed work.

As soon as I enable NetworkManager though, my connection fails, even 
though /etc/NetworkManager/system-connections/wgrouter.nmconnection


In journalctl -u NetworkManager I see

Mär 21 11:15:07 pluto NetworkManager[2450]: <info>  [1647857707.7752] 
Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK SAE FT-SAE'

Ľubomír, is there a way how I can tell NetworkManager to *not* use SAE?

Am 21.03.22 um 09:38 schrieb Andrej Shadura:
> Hi,
> On Sun, 20 Mar 2022, at 00:23, Masashi Honma wrote:
>> In my opinion, this issue could be closed.
>> These are reasons.
>> 1) It is not wpa_supplicant issue but AP issue.
>> 2) Users affected by this issue have some workarounds.
> It’s true, but I’m not quite happy about not being able to fix this.
> Ľubomír (cc'ed), how did you deal with this issue in Fedora? I assume you must also have received reports from Fritzbox users.
>> Details of the 1)
>> The investigation has revealed that the AP is in violation of "2.3
>> WPA3-Personal transition mode" of the "WPA3 Specification v3.0", which
>> is causing the issue. Specifically, the target AP is setting MFPR to 1
>> even though it implicitly requires IEEE 802.11w. By "implicitly" we
>> mean that the Assocation Request fails with WLAN_STATUS_INVALID_IE
>> when using a Wi-Fi NIC with IEEE 802.11w disabled.
>> Details of the 2)
>> We know that users who meet the following conditions are affected by this issue.
>> - Using FRITZ!Box 7580/7590 with WPA2+WPA3 mode

I've tested it with both 7490 and 7530 AX, fwiw.

>> - Using wpa_supplicant with wpa_key_mgmt=SAE WPA-PSK
>> - Local Wi-Fi NIC does not support IEEE802.11w
>> Users affected by this issue can work around the issue in one of the
>> following ways.
>> - Use wpa_supplicant with WPA2 only mode (specify wpa_key_mgmt=WPA-PSK)
>> - Use FRITZ!Box 7580/7590 with WPA2 only mode
>> - Use IEEE 802.11w supporting Wi-Fi NIC

Masashi, if I understand you correctly, you argue that this is an issue 
with the AP (or its firmware).

If so, should the company AVM be contacted about this?
I'm afraid I'm not too knowledgeable in that regard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20220321/fa673d72/attachment.sig>

More information about the Hostap mailing list