]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c097f12) | patch
SAE: Enable only group 19 by default in AP mode
authorJouni Malinen <jouni@codeaurora.org>
Tue, 5 Mar 2019 15:18:11 +0000 (17:18 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 5 Mar 2019 15:21:41 +0000 (17:21 +0200)
commit941bad5ef4db4dc6436f2d321d40abcb936ba7dd
treeb7c2cca6201358ef7d3b4c5a8a82cbdb01da4ec0tree | snapshot
parentc097f12c8fed0f1475c5abd14393b1710b287733commit | diff
SAE: Enable only group 19 by default in AP mode

Change the AP mode default for SAE to enable only the group 19 instead
of enabling all ECC groups that are supported by the used crypto library
and the SAE implementations. The main reason for this is to avoid
enabling groups that are not as strong as the mandatory-to-support group
19 (i.e., groups 25 and 26). In addition, this disables heavier groups
by default.

In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24
based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the
MODP groups were already disabled by default and would have needed
explicit configuration to be allowed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
hostapd/hostapd.conf diff | blob | blame | history
src/ap/ieee802_11.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.