On 01/09/2020 01:53 AM, Jouni Malinen wrote:
On Wed, Jan 08, 2020 at 03:21:28PM -0800, Ben Greear wrote:
On 1/8/20 3:04 PM, Ben Greear wrote:
While testing some HS20 (r1) scenarios, we found that associations fail with code 31
(PMF not valid) if AP and STA are configured to not use .11w (PMF).
Ahh, I think I see. I found the hs20_release config option, probably that
and other commits around there explains our issue. We'll try forcing the AP back
to hs20-release 1 and see if STA can connect without PMF.
This PMF requirement is based on the Hotspot 2.0 release number. The
hs20_release=1 configuration case is only for testing purposes (which
may work for your use case) and it does not actually disable the PMF
check on the AP side. However, if the station side falls back to Release
1 based on AP's advertisement (this is expectation in the specification,
but not something that wpa_supplicant always followed), the PMF
requirement is not enforced.
We have not yet tested trying to force different versions on an AP, but
we do see that now we can no longer connect to a Ubiquity AP with HS20
enabled, probably due to some PMF issue. This is regardless of whether
we enable or disable PMF on AP or STA. Could be a bug in the AP,
but maybe also the enforcement in the station is breaking things that
used to work.
We have previously had success connecting to the Ubiquity with HS20 enabled, but we are not
certain if it is running the same firmware and/or config of when it last
worked.
Thanks,
Ben
--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap