X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=hostapd%2Fhostapd.conf;h=140c8d6ff41bcf07a7055f109e708ab41931b013;hb=27781c0ab5d02be9ea22b9636b3ecf59e3b89ddc;hp=2cd8ae5faf29abb7a7b7a91d34e06c37ecac3a30;hpb=aab66128369c5953e70f867e997a54146bcca88b;p=thirdparty%2Fhostap.git

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 2cd8ae5fa..140c8d6ff 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1269,18 +1269,31 @@ own_ip_addr=127.0.0.1
 
 # Set of accepted cipher suites (encryption algorithms) for pairwise keys
 # (unicast packets). This is a space separated list of algorithms:
-# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
-# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
+# TKIP = Temporal Key Integrity Protocol
+# CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key
+# GCMP = Galois/counter mode protocol (GCMP-128)
+# GCMP-256 = Galois/counter mode protocol with 256-bit key
 # Group cipher suite (encryption algorithm for broadcast and multicast frames)
 # is automatically selected based on this configuration. If only CCMP is
 # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
-# TKIP will be used as the group cipher.
+# TKIP will be used as the group cipher. The optional group_cipher parameter can
+# be used to override this automatic selection.
+#
 # (dot11RSNAConfigPairwiseCiphersTable)
 # Pairwise cipher for WPA (v1) (default: TKIP)
 #wpa_pairwise=TKIP CCMP
 # Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
 #rsn_pairwise=CCMP
 
+# Optional override for automatic group cipher selection
+# This can be used to select a specific group cipher regardless of which
+# pairwise ciphers were enabled for WPA and RSN. It should be noted that
+# overriding the group cipher with an unexpected value can result in
+# interoperability issues and in general, this parameter is mainly used for
+# testing purposes.
+#group_cipher=CCMP
+
 # Time interval for rekeying GTK (broadcast/multicast encryption keys) in
 # seconds. (dot11RSNAConfigGroupRekeyTime)
 # This defaults to 86400 seconds (once per day) when using CCMP/GCMP as the