CVSROOT: /cvs Module name: src Changes by: s...@cvs.openbsd.org 2016/12/20 06:27:58
Modified files: sys/net80211 : ieee80211_crypto.c ieee80211_ioctl.c Log message: Disable TKIP (WPA1) by default. It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard. TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute. TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8). Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@