diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index f71e83e51..263a04e8f 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1659,6 +1659,12 @@ own_ip_addr=127.0.0.1
 # 1 = optional
 # 2 = required
 #ieee80211w=0
+# The most common configuration options for this based on the PMF (protected
+# management frames) certification program are:
+# PMF enabled: ieee80211w=1 and wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256
+# PMF required: ieee80211w=2 and wpa_key_mgmt=WPA-EAP-SHA256
+# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
+# WPA3-Personal-only mode: ieee80211w=2 and wpa_key_mgmt=SAE

 # Group management cipher suite
 # Default: AES-128-CMAC (BIP)
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index ba511b9cb..328f91a97 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -955,7 +955,8 @@ fast_reauth=1
 # management frames) certification program are:
 # PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256
 # PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256
-# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used)
+# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
+# WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE
 #
 # ocv: whether operating channel validation is enabled
 # This is a countermeasure against multi-channel man-in-the-middle attacks.
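Review bot: The new WPA3-Personal-only line in the hostapd.conf hunk (`ieee80211w=2` with `wpa_key_mgmt=SAE`) leaves the mixed WPA2/WPA3-Personal case undocumented, and the same gap is in the wpa_supplicant.conf hunk. When SAE is offered alongside WPA-PSK, PMF can only be optional for the BSS, so a reader who falls back to the "PMF enabled" line gets no hint that SAE stations should still be held to PMF. I would add `# WPA3-Personal transition mode: ieee80211w=1, wpa_key_mgmt=WPA-PSK SAE and sae_require_mfp=1` after the WPA3 line in hostapd.conf. The wpa_supplicant.conf counterpart would be `# WPA3-Personal transition mode: ieee80211w=1 and key_mgmt=WPA-PSK SAE`. Both comment blocks begin above the visible hunks, so the wording should be checked against the lines not shown here.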