diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index d18d31fd3..df0231ae2 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -1204,18 +1204,24 @@ hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src,
 void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src,
 			   const u8 *buf, size_t len, unsigned int freq)
 {
+	u8 crypto_suite;
 	enum dpp_public_action_frame_type type;
 
-	if (len < 1)
+	if (len < 2)
 		return;
-	type = buf[0];
-	buf++;
-	len--;
+	crypto_suite = *buf++;
+	type = *buf++;
+	len -= 2;
 
 	wpa_printf(MSG_DEBUG,
-		   "DPP: Received DPP Public Action frame type %d from "
+		   "DPP: Received DPP Public Action frame crypto suite %u type %d from "
 		   MACSTR " freq=%u",
-		   type, MAC2STR(src), freq);
+		   crypto_suite, type, MAC2STR(src), freq);
+	if (crypto_suite != 1) {
+		wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
+			   crypto_suite);
+		return;
+	}
 	wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
 	if (dpp_check_attrs(buf, len) < 0)
 		return;
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 85b97fb4f..649464bce 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -484,13 +484,14 @@ struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
 {
 	struct wpabuf *msg;
 
-	msg = wpabuf_alloc(7 + len);
+	msg = wpabuf_alloc(8 + len);
 	if (!msg)
 		return NULL;
 	wpabuf_put_u8(msg, WLAN_ACTION_PUBLIC);
 	wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC);
 	wpabuf_put_be24(msg, OUI_WFA);
 	wpabuf_put_u8(msg, DPP_OUI_TYPE);
+	wpabuf_put_u8(msg, 1); /* Crypto Suite */
 	wpabuf_put_u8(msg, type);
 	return msg;
 }
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 2492749fe..50003e87e 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1587,18 +1587,24 @@ wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
 			const u8 *buf, size_t len, unsigned int freq)
 {
+	u8 crypto_suite;
 	enum dpp_public_action_frame_type type;
 
-	if (len < 1)
+	if (len < 2)
 		return;
-	type = buf[0];
-	buf++;
-	len--;
+	crypto_suite = *buf++;
+	type = *buf++;
+	len -= 2;
 
 	wpa_printf(MSG_DEBUG,
-		   "DPP: Received DPP Public Action frame type %d from "
+		   "DPP: Received DPP Public Action frame crypto suite %u type %d from "
 		   MACSTR " freq=%u",
-		   type, MAC2STR(src), freq);
+		   crypto_suite, type, MAC2STR(src), freq);
+	if (crypto_suite != 1) {
+		wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
+			   crypto_suite);
+		return;
+	}
 	wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
 	if (dpp_check_attrs(buf, len) < 0)
 		return;