More detailed documentation on ieee80211w configuration parameter

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 10:48:09 +02:00 · 2019-12-23 10:48:09 +02:00 · efaa6256e2
parent 1730a6a5ef
commit efaa6256e2
2 changed files with 8 additions and 1 deletions
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@ -1659,6 +1659,12 @@ own_ip_addr=127.0.0.1
 # 1 = optional
 # 2 = required
 #ieee80211w=0
+# The most common configuration options for this based on the PMF (protected
+# management frames) certification program are:
+# PMF enabled: ieee80211w=1 and wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256
+# PMF required: ieee80211w=2 and wpa_key_mgmt=WPA-EAP-SHA256
+# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
+# WPA3-Personal-only mode: ieee80211w=2 and wpa_key_mgmt=SAE

 # Group management cipher suite
 # Default: AES-128-CMAC (BIP)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@ -955,7 +955,8 @@ fast_reauth=1
 # management frames) certification program are:
 # PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256
 # PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256
-# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used)
+# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
+# WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE
 #
 # ocv: whether operating channel validation is enabled
 # This is a countermeasure against multi-channel man-in-the-middle attacks.