From efaa6256e2c25f4005e753f0848038af21989164 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 23 Dec 2019 10:48:09 +0200 Subject: [PATCH] More detailed documentation on ieee80211w configuration parameter Signed-off-by: Jouni Malinen --- hostapd/hostapd.conf | 6 ++++++ wpa_supplicant/wpa_supplicant.conf | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index f71e83e51..263a04e8f 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1659,6 +1659,12 @@ own_ip_addr=127.0.0.1 # 1 = optional # 2 = required #ieee80211w=0 +# The most common configuration options for this based on the PMF (protected +# management frames) certification program are: +# PMF enabled: ieee80211w=1 and wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256 +# PMF required: ieee80211w=2 and wpa_key_mgmt=WPA-EAP-SHA256 +# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used) +# WPA3-Personal-only mode: ieee80211w=2 and wpa_key_mgmt=SAE # Group management cipher suite # Default: AES-128-CMAC (BIP) diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index ba511b9cb..328f91a97 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf @@ -955,7 +955,8 @@ fast_reauth=1 # management frames) certification program are: # PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256 # PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256 -# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used) +# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used) +# WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE # # ocv: whether operating channel validation is enabled # This is a countermeasure against multi-channel man-in-the-middle attacks.