On Wed, Mar 10, 2021 at 11:34:19PM +0000, RAGHAVENDRA SADARAMACHANDRA (rsadaram) wrote: > I am running latest hostapd in H2E only mode using following hostapd.conf. > …. > sae_pwe=1 > sae_groups=19 > sae_password=example secret > > Latest Wpa_supplicant is not connecting to H2E only mode AP, if I use wpa_supplicant.conf with only “sae_password=example secret” Are you leaving the sae_pwe to its default value, i.e., H2E disabled, in wpa_supplicant configutation? > Wpa_supplicant throws: > 1615416250.587683: wlp5s0: Selecting BSS from priority group 0 > 1615416250.587690: wlp5s0: 0: f8:a2:d6:bc:d0:51 ssid='raghu-test-h2e' wpa_ie_len=0 rsn_ie_len=20 caps=0x411 level=-39 freq=2437 > 1615416250.587700: wlp5s0: selected based on RSN IE > 1615416250.587704: wlp5s0: SAE H2E disabled > 1615416250.587708: wlp5s0: skip - rate sets do not match This indicates that wpa_supplicant has SAE H2E disabled and cannot join the network that mandates use of H2E. > If I use password identifier then it works. Following config works. > Hostapd.conf: > sae_password=example secret|id=pw identifier > > wpa_supplicant.conf: > sae_password="example secret" > sae_password_id="pw identifier" Specifying SAE Password Identifier will automatically enable H2E since the standard allows password identifier to be used only with H2E. > Is there a way to test wpa_supplicant and hostapd without using pwd identifier? Yes, you'll just need to enable SAE H2E in wpa_supplicant configuration (sae_pwe=1 or sae_pwe=2). -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
