On Wed, Dec 28, 2016 at 02:16:00PM +0100, Stijn Tintel wrote: > This series adds support for SHA256-based key management algorithms in > hostapd and wpa_supplicant. The algorithms are part of the 802.11w standard, > so they are only enabled when 802.11w is enabled. Due to this, they are > not available in the -mini build variants. > > While it is recommended to only allow SHA256-based algorithms when 802.11w is > required, the standard does not require this. It also breaks existings setups > with ieee80211w=2 for clients that do not support SHA256-based algorithms, > so leave SHA1-based enabled algorithms for now. It might not make much sense, > but it does protect against simple deauth attacks. > > Tested with WPA-PSK on ath5k AP with ath9k STA, and vice versa. When both the > hostapd and wpa_supplicant config have (wpa_)key_mgmt=WPA-PSK WPA-PSK-SHA256, > the SHA256 variant is used. > > Series is also available in my staging tree: > https://git.lede-project.org/?p=lede/stintel/staging.git;a=summary > > Stijn Tintel (3): > wpa_supplicant: rework wpa_key_mgmt handling > hostapd: add function to handle wpa_key_mgmt > hostapd: enable SHA256-based algorithms > > package/network/services/hostapd/files/netifd.sh | 32 > +++++++++++++----------- > 1 file changed, 17 insertions(+), 15 deletions(-) > > -- > 2.10.2 > > > _______________________________________________ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev
Tested-by Sebastian Kemper <sebastian...@gmx.net> With ieee80211w enabled the script in hostapd-common changed the configuration file to include wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 instead of just WPA-PSK. Different clients with support for ieee80211w and without support for it were able to connect to 2.4GHz and 5GHz radios. Kind regards, Sebastian _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev