[PATCH] Handling RSN Overriding for MLO connection
Jouni Malinen
j at w1.fi
Mon Mar 23 08:16:43 PDT 2026
On Mon, Mar 23, 2026 at 11:27:41AM +0000, Roman Stolz wrote:
> Just by review I found a RSNO issue which does not comply with the WPA3 Specification 3.5. By my understanding.
> Rem.: I have no test devices to check this in real.
>
> In detail:
> According to WPA3 v3.5, chapter 14.2. a station, which will establish a multi-link connection, should observe the RSNOE#2 element for the security settings. In case it's not defined, there is no explicit behaviour defined how to proceed with processing the RSN(O)E. This means, from my understanding, the default behaviour should apply. First RSNO#2, second RSNO#1 and least RSNE. This is not reflected by the code. There is an immediate fallback from RSNO#2 to the RSNE.
That is by design. Wi-Fi 7 associations shall use the RSNO2E for RSN
overriding and there is no fallback to the RSNOE. In theory, it would be
possible to fall back to RSNOE by disabling EHT/MLO functionality, but
that should not really be needed in practice with properly configured
APs.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list