aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/wireguard
diff options
context:
space:
mode:
authorStijn Tintel <stijn@linux-ipv6.be>2017-10-17 16:35:03 +0300
committerStijn Tintel <stijn@linux-ipv6.be>2017-10-17 17:25:05 +0300
commitc5f97c9372da3229350184fb263c97d9ea8944c5 (patch)
tree1556ee64dc86f90ad9bb360c1e429b33661a1e1a /package/network/services/wireguard
parent2127425434046ae2b9f02fdbbdd37cac447af19c (diff)
downloadupstream-c5f97c9372da3229350184fb263c97d9ea8944c5.tar.gz
upstream-c5f97c9372da3229350184fb263c97d9ea8944c5.tar.bz2
upstream-c5f97c9372da3229350184fb263c97d9ea8944c5.zip
hostapd: add wpa_disable_eapol_key_retries option
Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Diffstat (limited to 'package/network/services/wireguard')
0 files changed, 0 insertions, 0 deletions