Possible to disable SAE and force WPA2-PSK-AES on wpa_supplicant v2.10?

Kennedy, Smith Wireless & IPP Standards smith.kennedy at hp.com
Fri Mar 17 16:36:43 PDT 2023

> On Mar 16, 2023, at 6:15 PM, Theron Spiegl <theron at nnter.net> wrote:
> CAUTION: External Email Hi, I'm using a Qualcomm Atheros QCA6174 with wpa_supplicant v2.10. When I start a hotspot with the commands below, it can be joined by most devices (Linux, Windows, iOS) but not an M1 MacBook Pro. I've determined that this is because of SAE/WPA3 support: if I run macOS's `airport` CLI utility, I see that the wpa_supplicant 2.10 hotspot offers `WPA(PSK/AES/AES) RSN(PSK,PSK-SHA256,SAE/AES/AES)` in the Security column. When I use wpa_supplicant 2.9, it offers `WPA(PSK/AES/AES) RSN(PSK,PSK-SHA256/AES/AES)`, and the MacBook can join.

I don't know if I'm interpreting this correctly but what you are describing seems to indicate that hostapd 2.10 is presenting WPA Personal / WPA2 Personal / WPA3 Personal, which is a configuration that a properly implemented (and perhaps Wi-Fi Alliance certified) STA should or could reject as invalid. Wi-Fi Alliance WPA3 Personal Transition Mode specifically disallows the AP to support WPA Personal in addition to WPA3 Personal (SAE) / WPA2 Personal (PSK).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20230317/3501ab50/attachment-0001.sig>

More information about the Hostap mailing list