While the standard does not require SHA256-based algorithms when PFM is mandatory, there's not much of a point in keeping the old algorithms enabled.
See http://lists.shmoo.com/pipermail/hostap/2014-November/031283.html Signed-off-by: Stijn Tintel <st...@linux-ipv6.be> --- package/network/services/hostapd/files/netifd.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index a6049fd..359a264 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -257,7 +257,7 @@ hostapd_set_bss_options() { wps_possible=1 [ "$ieee80211w" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" - append wpa_key_mgmt "WPA-PSK" + [ "$ieee80211w" -lt 2 ] && append wpa_key_mgmt "WPA-PSK" ;; eap) json_get_vars \ @@ -293,7 +293,7 @@ hostapd_set_bss_options() { append bss_conf "eapol_key_index_workaround=1" "$N" append bss_conf "ieee8021x=1" "$N" [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt "WPA-EAP-SHA256" - append wpa_key_mgmt "WPA-EAP" + [ "$ieee80211w" -lt 2 ] && append wpa_key_mgmt "WPA-EAP" [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" ;; @@ -617,7 +617,7 @@ wpa_supplicant_add_network() { local passphrase [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt "WPA-PSK-SHA256" - append wpa_key_mgmt "WPA-PSK" + [ "$ieee80211w" -lt 2 ] && append wpa_key_mgmt "WPA-PSK" [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-PSK" key_mgmt="$wpa_key_mgmt" @@ -630,7 +630,7 @@ wpa_supplicant_add_network() { ;; eap) [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt "WPA-EAP-SHA256" - append wpa_key_mgmt "WPA-EAP" + [ "$ieee80211w" -lt 2 ] && append wpa_key_mgmt "WPA-EAP" [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-EAP" key_mgmt="$wpa_key_mgmt" -- 2.10.2 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
