[EXTERNAL] Re: Fwd: Pixel6 was not able to connect due to phone indicates support for SAE H2E, but did not use it
sean at plume.com
Sun May 22 21:55:58 PDT 2022
Please refer to the sniffer capture at
Pixel6 mac: 0c:c4:13:14:16:93
The issue usually happens after multiple roaming connections between
our mesh system.
Here is the wpa_supplicant.conf I dumped from Pixel6, assuming that's
the config taken and run in the wifi system
> oriole:/ $ cat /vendor/etc/wifi/wpa_supplicant.conf
If the 802.11 spec mandates H2E when both peers advertised the
support, the issue here sounds more on the Pixel6 then.
On Sun, May 22, 2022 at 6:30 AM Jouni Malinen <j at w1.fi> wrote:
> On Thu, May 19, 2022 at 10:59:58AM -0700, Sean Li wrote:
> > We have a tri-band 6G AP product running hostapd with sae_pwe as 2.
> > We noticed Android Pixel6 was failed to make successful connection due
> > to warning "SAE: 0c:c4:13:14:16:93 indicates support for SAE H2E, but
> > did not use it."
> > From sniffer capture, Pixel6 has status code 0 in AUTH COMMIT message,
> > H2E bit set in (Re)Assoc Req and hostapd returned
> > WLAN_STATUS_UNSPECIFIED_FAILURE in (Re)Assoc Resp.
> Would you be able to share a sniffer capture showing this? Was there any
> configuration option on the station device for enabling SAE H2E?
> > Can we get more context on why hostapd instrument the check below?
> > Is there any spec stating the requirement below?
> > > SAE: Verify that STA negotiated H2E if it claims to support it
> > >
> > > If a STA indicates support for SAE H2E in RSNXE and H2E is enabled in
> > > the AP configuration, require H2E to be used.
> This is mainly to prevent downgrade attacks should there be remaining
> security issues in SAE hunting-and-pecking loop implementations (which
> seems likely, in general, compared to H2E).
> IEEE Std 802.11-2020 has a shall requirement on the STA using H2E if it
> has determined that the peer supports H2E. In case of an infrastructure
> BSS, i.e., whenever connecting to an AP, this would always be the case
> if both devices advertise support for SAE H2E.
> Jouni Malinen PGP id EFC895FA
More information about the Hostap