Hi Michele:
You can create two similar netblocks of different priority (higher
number = higher priority). The higher priority netblock will be
compared with the scan results first.
For example, to try matching with SAE first:
network={
ssid="mynetwork"
psk="mypassword"
key_mgmt=SAE
ieee80211w=2
priority=10
}
network={
ssid="mynetwork"
psk="mypassword"
key_mgmt=WPA-PSK
ieee80211w=1
priority=5
}
Best regards,
Dennis
> Hi all,
>
> I'm the maintainer of the NixOS module[^1] for wpa_supplicant.
> I'd like to know if it's possible to write a network block that will
> always work for to both WPA2 and WPA3 networks. Based on the
> documentation I wrote:
>
> network={
> ssid="mynetwork"
> psk="mypassword"
> key_mgmt=SAE WPA-PSK
> ieee80211w=1
> }
>
> This seem to work:
> 1. if the network is mixed SAE WPA-PSK, wpa_supplicant uses SAE
> 2. if the network is WPA-PSK or SAE only, wpa_supplicant uses that
> However, if (in case 1.) SAE fails for some reason, wpa_supplicant
> will not fallback to WPA-PSK but keep trying SAE forever.
> This is an issue, for example, if the hardware lacks PMF support.
>
> Is there a way to configure SAE opportunistically? Try SAE first,
> if it succeeds use that, otherwise try another protocol.
>
> Thank you,
>
> rnhmjoj
>
>
> [^1]: If you never heard of NixOS, that is basically a high-level
> interface for generating wpa_supplicant config file.
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
