From e7d73c378d891120c756f5534afc5f6919e0b0c6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 1 Aug 2018 17:51:42 +0300 Subject: [PATCH] Provide more details of WPA3 modes in hostapd.conf Clarify that wpa=2 (i.e., RSN) is used for WPA3 and list previously undocumented wpa_key_mgmt values. Signed-off-by: Jouni Malinen --- hostapd/hostapd.conf | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 0de4b8569..70f9713d3 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1239,7 +1239,10 @@ own_ip_addr=127.0.0.1 # and/or WPA2 (full IEEE 802.11i/RSN): # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) -#wpa=1 +# Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2. +# In other words, for WPA3, wpa=2 is used the configuration (and +# wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK). +#wpa=2 # WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase @@ -1268,10 +1271,23 @@ own_ip_addr=127.0.0.1 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. +# WPA-PSK = WPA-Personal / WPA2-Personal +# WPA-PSK-SHA256 = WPA2-Personal using SHA256 +# WPA-EAP = WPA-Enterprise / WPA2-Enterprise +# WPA-EAP-SHA256 = WPA2-Enterprise using SHA256 +# SAE = SAE (WPA3-Personal) +# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite +# FT-PSK = FT with passphrase/PSK +# FT-EAP = FT with EAP +# FT-EAP-SHA384 = FT with EAP using SHA384 +# FT-SAE = FT with SAE # FILS-SHA256 = Fast Initial Link Setup with SHA256 # FILS-SHA384 = Fast Initial Link Setup with SHA384 # FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256 # FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384 +# OWE = Opportunistic Wireless Encryption (a.k.a. Enhanced Open) +# DPP = Device Provisioning Protocol +# OSEN = Hotspot 2.0 online signup with encryption # (dot11RSNAConfigAuthenticationSuitesTable) #wpa_key_mgmt=WPA-PSK WPA-EAP