diff options
author | Stijn Tintel <stijn@linux-ipv6.be> | 2016-12-28 06:18:54 +0100 |
---|---|---|
committer | Stijn Tintel <stijn@linux-ipv6.be> | 2017-01-03 20:53:49 +0100 |
commit | 388681fe535c2c40dea7a400ff044a54610a4a2f (patch) | |
tree | e8bfeb1adaa50bb0a095ebb99a84a002471de994 /package/network | |
parent | 30f14f61984591e7481a3fb568ad59dfb6c49ce7 (diff) | |
download | upstream-388681fe535c2c40dea7a400ff044a54610a4a2f.tar.gz upstream-388681fe535c2c40dea7a400ff044a54610a4a2f.tar.bz2 upstream-388681fe535c2c40dea7a400ff044a54610a4a2f.zip |
hostapd: enable SHA256-based algorithms
Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.
We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Diffstat (limited to 'package/network')
-rw-r--r-- | package/network/services/hostapd/files/netifd.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index a339e443ff..a7a6a64e7a 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -41,6 +41,7 @@ hostapd_append_wpa_key_mgmt() { append wpa_key_mgmt "WPA-$auth_type" [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}" + [ "$ieee80211w" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256" } hostapd_add_log_config() { @@ -194,7 +195,7 @@ hostapd_set_bss_options() { wps_device_type wps_device_name wps_manufacturer wps_pin \ macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ iapp_interface eapol_version acct_server acct_secret acct_port \ - dynamic_vlan + dynamic_vlan ieee80211w set_default isolate 0 set_default maxassoc 0 @@ -400,7 +401,6 @@ hostapd_set_bss_options() { [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N" # RSN -> allow management frame protection - json_get_var ieee80211w ieee80211w case "$ieee80211w" in [012]) json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout |