[OpenWrt-Devel] [PATCH] hostapd: enable PMKSA and OK caching for WPA3-Personal
Hauke Mehrtens
hauke at hauke-m.de
Wed Oct 30 15:47:17 EDT 2019
On 10/29/19 11:42 PM, David Bauer wrote:
> This enables PMKSA and opportunistic key caching by default for
> WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
> Otherwise, Apple devices won't connect to the WPA3 network.
>
> This should not degrade security, as there's no external authentication
> provider.
>
> Tested with OCEDO Koala and iPhone 7 (iOS 13.1).
>
> Signed-off-by: David Bauer <mail at david-bauer.net>
Do you know which, PMKSA or OKC, is needed for the iPhone?
I do not understand why the iPhone only works when one of these options
is set, you should probably ask on the hostapd mailing list for help,
this could be also a bug in hostapd.
> ---
> package/network/services/hostapd/files/hostapd.sh | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
> index 8da8539e8a..fdbce815df 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -540,7 +540,14 @@ hostapd_set_bss_options() {
> append bss_conf "rsn_preauth=1" "$N"
> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
> else
> - set_default auth_cache 0
> + case "$auth_type" in
> + sae|psk-sae|owe)
> + set_default auth_cache 1
> + ;;
> + *)
> + set_default auth_cache 0
> + ;;
> + esac
> fi
>
> append bss_conf "okc=$auth_cache" "$N"
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20191030/a3bde809/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list