Possible to disable SAE and force WPA2-PSK-AES on wpa_supplicant v2.10?
Kennedy, Smith Wireless & IPP Standards
smith.kennedy at hp.com
Fri Mar 17 16:36:43 PDT 2023
> On Mar 16, 2023, at 6:15 PM, Theron Spiegl <theron at nnter.net> wrote:
>
> CAUTION: External Email Hi, I'm using a Qualcomm Atheros QCA6174 with wpa_supplicant v2.10. When I start a hotspot with the commands below, it can be joined by most devices (Linux, Windows, iOS) but not an M1 MacBook Pro. I've determined that this is because of SAE/WPA3 support: if I run macOS's `airport` CLI utility, I see that the wpa_supplicant 2.10 hotspot offers `WPA(PSK/AES/AES) RSN(PSK,PSK-SHA256,SAE/AES/AES)` in the Security column. When I use wpa_supplicant 2.9, it offers `WPA(PSK/AES/AES) RSN(PSK,PSK-SHA256/AES/AES)`, and the MacBook can join.
I don't know if I'm interpreting this correctly but what you are describing seems to indicate that hostapd 2.10 is presenting WPA Personal / WPA2 Personal / WPA3 Personal, which is a configuration that a properly implemented (and perhaps Wi-Fi Alliance certified) STA should or could reject as invalid. Wi-Fi Alliance WPA3 Personal Transition Mode specifically disallows the AP to support WPA Personal in addition to WPA3 Personal (SAE) / WPA2 Personal (PSK).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20230317/3501ab50/attachment-0001.sig>
More information about the Hostap
mailing list