[PATCH v2] netifd: fix WPA3 enterprise ciphers

Joerg Werner schreibubi at gmail.com
Mon Aug 15 05:10:22 PDT 2022


WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.

Signed-off-by: Joerg Werner <schreibubi at gmail.com>
---
Updated patch after review from Hauke Mehrtens

 scripts/netifd-wireless.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
index 0e3293c..5779751 100644
--- a/scripts/netifd-wireless.sh
+++ b/scripts/netifd-wireless.sh
@@ -216,10 +216,19 @@ wireless_vif_parse_encryption() {
 		wpa_cipher="CCMP"
 	fi
 
+	# WPA3 enterprise requires the GCMP-256 cipher (technically also CCMP and GCMP are possible
+	# but many clients/devices do not support that)
+	case "$encryption" in
+		wpa3-mixed*) wpa_cipher="${wpa_cipher} GCMP-256";;
+		wpa3*) wpa_cipher="GCMP-256";;
+	esac
+
 	case "$encryption" in
 		*tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) wpa_cipher="CCMP TKIP";;
+		*ccmp256) wpa_cipher="CCMP-256";;
 		*aes|*ccmp) wpa_cipher="CCMP";;
 		*tkip) wpa_cipher="TKIP";;
+		*gcmp256) wpa_cipher="GCMP-256";;
 		*gcmp) wpa_cipher="GCMP";;
 	esac
 
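Review bot: the suffix case that follows the new wpa3 block assigns wpa_cipher outright, so any wpa3 or wpa3-mixed value that ends in tkip, aes, ccmp or gcmp loses the GCMP-256 just added, and a wpa3 value ending in tkip ends up with `wpa_cipher="TKIP"`. If the suffix is meant as a full explicit override, say so in the comment above the wpa3 case and in the commit message. Otherwise, have the suffix arms skip or reject the weaker ciphers when "$encryption" starts with wpa3. The same applies to wpa3-mixed with the new `*gcmp256` and `*ccmp256` arms: the result is a single 256-bit cipher and the value built by `${wpa_cipher} GCMP-256` is discarded, which is worth stating, since the mixed arm is the one that keeps the earlier cipher. The new gcmp256/ccmp256 suffixes should also be listed wherever the accepted encryption values are documented. The first comment line is also overlong and should be wrapped.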
-- 
2.37.2



