problem with wpa_supplicant 2.10

Thu Mar 31 03:19:30 PDT 2022

Thanks for the quick reply. My wifi router is set to accept both TKIP
and AES so I thought that wpa_supplicant and the router would negotiate
to use AES in this case, instead of refusing to connect. Gentoo has a
way of letting me mess with build flags that I suppose controls
CONFIG_NO_TKIP and, this way, 2.10 is now working for me.

However, if I wanted to run wpa_supplicant with TKIP disabled, I would
still expect it to connect to an AP that allows both AES and TKIP.

Thanks again for the help & best regards
-Mathias

On 3/31/22 9:21 AM, Masashi Honma wrote:
>> I have no idea what an "invalid group cipher 0x8" is and how to debug
>> that.
>
> The message is printed because the Wi-Fi Access point is using TKIP as
> group cipher.
>
> Unfortunately Wi-Fi alliance does not recommends TKIP because it no
> longer provides sufficient security.
> https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_Alliance_Technical_Note_TKIP_v1.0.pdf
>
> So we recommed to configure the Wi-Fi Accesss point not use TKIP for
> group cipher.
> Or, you can rebuild wpa_supplicant without CONFIG_NO_TKIP.
>
> Regards,
> Masashi Honma.
>
> 2022年3月31日(木) 4:21 Mathias <mathiaswe at gmx.de>:
>>
>> Hello,
>> recently, the distribution I'm entrusting my Linux system to (Gentoo)
>> decided to no longer support wpa_supplicant 2.9, so I was forced to
>> switch to 2.10. However, 2.10 could no longer connect to my wifi (a
>> simple WPA2-PSK 5GHz found in almost every household these days). I
>> confirmed that switching back to 2.9 fixed the issue (took some
>> tinkering to make Gentoo behave). I will attach a the log files for the
>> broken 2.10 and working 2.9 (my interface is called "wifi" and my
>> network SSID is "lufthaufen_5Ghz"). In particular, observe that 2.10
>> claims that a "parse failed":
>>
>>> wifi: 0: f4:6b:ef:6a:28:6f ssid='lufthaufen_5GHz' wpa_ie_len=26 rsn_ie_len=24 caps=0x1111 level=-69 freq=5200  wps
>>> wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)
>>> wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)
>>> wifi:    skip RSN IE - parse failed
>>> wifi:    skip WPA IE - GTK cipher mismatch
>>> wifi:    reject due to mismatch with WPA/WPA2
>>
>> While 2.9 manages to parse just fine:
>>
>>> wifi: Radio work 'scan'@0x55f363c95ca0 done in 3.293043 seconds
>>> wifi: radio_work_free('scan'@0x55f363c95ca0): num_active_works --> 0
>>> wifi: Selecting BSS from priority group 0
>>> wifi: 0: f4:6b:ef:6a:28:6f ssid='lufthaufen_5GHz' wpa_ie_len=26 rsn_ie_len=24 caps=0x1111 level=-61 freq=5200  wps
>>> wifi:    selected based on RSN IE
>>> wifi:    selected BSS f4:6b:ef:6a:28:6f ssid='lufthaufen_5GHz'
>>
>> I have no idea what an "invalid group cipher 0x8" is and how to debug
>> that. Might I take this opportunity and suggest printing more
>> informative error messages in the logs? :)
>>
>> thanks, cheers and best regards
>> -Mathias
>>
>> PS: my wifi board is and I am running kernel version 5.10
>>> 07:00.0 Network controller [0280]: Intel Corporation Dual Band Wireless-AC 3165 Plus Bluetooth [8086:3166] (rev 99)
>>>       Subsystem: Intel Corporation Dual Band Wireless-AC 3165 [8086:4210]
>>>       Flags: bus master, fast devsel, latency 0, IRQ 143
>>>       Memory at a4300000 (64-bit, non-prefetchable) [size=8K]
>>>       Capabilities: [c8] Power Management version 3
>>>       Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
>>>       Capabilities: [40] Express Endpoint, MSI 00
>>>       Capabilities: [100] Advanced Error Reporting
>>>       Capabilities: [140] Device Serial Number 1c-1b-b5-ff-ff-91-45-ba
>>>       Capabilities: [14c] Latency Tolerance Reporting
>>>       Capabilities: [154] L1 PM Substates
>>>       Kernel driver in use: iwlwifi
>>>       Kernel modules: iwlwifi
>>
>> _______________________________________________
>> Hostap mailing list
>> Hostap at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/hostap