On 27-12-16 12:57, Stijn Tintel wrote: > While the standard does not require SHA256-based algorithms when PFM is > mandatory, there's not much of a point in keeping the old algorithms > enabled. > > See http://lists.shmoo.com/pipermail/hostap/2014-November/031283.html Please ignore this patch, I am going to drop it for the following reasons:
- When ieee80211w is not defined, wpa_key_mgmt is not added to the hostapd config at all. While I am still able to associate like that, this might cause unexpected behaviour with future hostapd releases. - When ieee80211w=2 and only WPA-PSK-SHA256 is enabled, my OnePlus 2 (Android 6.0.1) is unable to associate. When WPA-PSK is also enabled, it associates fine. So this change has the potential to break existing setups with ieee80211w=2. While it might not make much sense to have WPA-PSK with PMK required, it does protect against a simple deauth attack. Stijn _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev