[openwrt/openwrt] wifi-scripts: ucode: allow sae_pwe to be modified for AP mode

LEDE Commits lede-commits at lists.infradead.org
Sat Feb 14 16:28:20 PST 2026 

hauke pushed a commit to openwrt/openwrt.git, branch openwrt-25.12:
https://git.openwrt.org/b7c9051debc45730003876bf83e540bed8de1aa1

commit b7c9051debc45730003876bf83e540bed8de1aa1
Author: Rany Hany <rany_hany at riseup.net>
AuthorDate: Sat Feb 14 17:25:34 2026 +0000

    wifi-scripts: ucode: allow sae_pwe to be modified for AP mode
    
    Some Android devices have issues with H2E causing downgrades to PSK
    when using WPA2/3. With WPA3 it doesn't work reliably whatsoever.
    
    My Samsung A55/6 for example has the following behavior:
    
    daemon.info hostapd: lan5g: STA <redacted> IEEE 802.11: authenticated
    daemon.notice hostapd: SAE: <redacted> indicates support for SAE H2E, but did not use it
    daemon.info hostapd: lan2g: STA <redacted> IEEE 802.11: authenticated
    daemon.info hostapd: lan2g: STA <redacted> IEEE 802.11: associated (aid 1)
    daemon.notice hostapd: lan5g: Prune association for <redacted>
    daemon.notice hostapd: lan2g: AP-STA-CONNECTED <redacted> auth_alg=open
    daemon.info hostapd: lan2g: STA <redacted> RADIUS: starting accounting session 8234C696AAC1AE7D
    daemon.info hostapd: lan2g: STA <redacted> WPA: pairwise key handshake completed (RSN)
    daemon.notice hostapd: lan2g: EAPOL-4WAY-HS-COMPLETED <redacted>
    
    This is also brought up in the issue: https://github.com/openwrt/openwrt/issues/9963
    
    Ultimately this allows users to have the option to at the very least
    disable H2E.
    
    Unrelated: a minor cleanup was done so that ieee80211w uses set_default instead.
    There is no functional change on that front.
    
    Signed-off-by: Rany Hany <rany_hany at riseup.net>
    Link: https://github.com/openwrt/openwrt/pull/22021
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
    (cherry picked from commit 70ba7512e7fc434fabc02487a46e2637a86c614e)
---
 .../config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc     | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
index 5771e0e2df..5ae4de48d9 100644
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
@@ -86,17 +86,16 @@ function iface_auth_type(config) {
 		config.ieee80211w = 2;
 		config.sae_require_mfp = 1;
 		if (!config.ppsk)
-			config.sae_pwe = 2;
+			set_default(config, 'sae_pwe', 2);
 	}
 
 	if (config.auth_type in [ 'psk-sae', 'eap-eap2' ]) {
-		if (!config.ieee80211w)
-			config.ieee80211w = 1;
+		set_default(config, 'ieee80211w', 1);
 		if (config.rsn_override)
 			config.rsn_override_mfp = 2;
 		config.sae_require_mfp = 1;
 		if (!config.ppsk)
-			config.sae_pwe = 2;
+			set_default(config, 'sae_pwe', 2);
 	}
 
 	if (config.own_ip_addr)

More information about the lede-commits mailing list