[PATCH v2] SME: Omit RSNXE for WPA2 connections
Arowa Suliman
arowa at chromium.org
Thu Mar 5 21:10:36 PST 2026
The Robust Security Network eXtended Element (RSNXE) is specific to
WPA3.
Including it in WPA2 handshakes causes authentication failures with some
Access Points, as they do not handle its presence correctly in a WPA2
context.
Known impacted routers: TP-Link EAP320 and TP-Link Archer VR400 and
Test: PASN enabled connect Intel WiFi AX211 to WPA2-PSK network with TP-Link EAP320 router
Signed-off-by: Arowa Suliman <arowa at chromium.org>
---
wpa_supplicant/sme.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index a14ff784c..ae47a2a24 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1047,6 +1047,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
wpas_connect_work_done(wpa_s);
return;
}
+ } else if (wpa_s->wpa_proto == WPA_PROTO_RSN &&
+ wpa_key_mgmt_wpa_psk_no_sae(wpa_s->key_mgmt)) {
+ // Omit RSNXE for WPA2-PSK connections to avoid AP compatibility issues.
+ omit_rsnxe |= !wpa_bss_get_rsnxe(wpa_s, bss, ssid, false);
}
#ifdef CONFIG_IEEE80211R
--
2.53.0.473.g4a7958ca14-goog
More information about the Hostap
mailing list