From 1ef692c599a77fcb0683e3196b8f4b56f52644da Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 31 Mar 2019 13:10:30 +0200 Subject: [PATCH] hostapd: Require MFP for SAE when it is enabled Signed-off-by: Michael Tremer --- src/functions/functions.hostapd | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd index 095beb8e..410e6e58 100644 --- a/src/functions/functions.hostapd +++ b/src/functions/functions.hostapd @@ -407,6 +407,7 @@ hostapd_config_write() { local wpa_passphrase local sae_password local wpa_strict_rekey + local sae_require_mfp # WPA3 Personal if enabled WPA3_PERSONAL; then @@ -416,6 +417,10 @@ hostapd_config_write() { # Add WPA key management list_append wpa_key_mgmt "SAE" sae_password="${secret}" + + if enabled MFP; then + sae_require_mfp="1" + fi fi # WPA2 Personal @@ -441,7 +446,7 @@ hostapd_config_write() { local var for var in wpa wpa_key_mgmt wpa_passphrase sae_password \ - rsn_pairwise group_cipher wpa_strict_rekey; do + rsn_pairwise group_cipher wpa_strict_rekeyi sae_require_mfp; do if [ -n "${!var}" ]; then print "${var}=${!var}" fi -- 2.47.3