From 4732ee3a87a1375fa528f9626c57e3ab41f5f110 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 5 May 2012 16:48:23 +0300 Subject: [PATCH] Add more documentation for IEEE 802.11w/PMF configuration Signed-hostap: Jouni Malinen --- wpa_supplicant/defconfig | 4 +--- wpa_supplicant/wpa_supplicant.conf | 10 ++++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig index 625065be6..7f66576fa 100644 --- a/wpa_supplicant/defconfig +++ b/wpa_supplicant/defconfig @@ -321,9 +321,7 @@ CONFIG_BACKEND=file # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y -# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. +# IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index e2269542b..6b94c6104 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf @@ -411,6 +411,16 @@ fast_reauth=1 # WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms # If not set, this defaults to: WPA-PSK WPA-EAP # +# ieee80211w: whether management frame protection is enabled +# 0 = disabled (default) +# 1 = optional +# 2 = required +# The most common configuration options for this based on the PMF (protected +# management frames) certification program are: +# PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256 +# PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256 +# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used) +# # auth_alg: list of allowed IEEE 802.11 authentication algorithms # OPEN = Open System authentication (required for WPA/WPA2) # SHARED = Shared Key authentication (requires static WEP keys)