Hi Ioannis, >> Well, keep in mind that WPA3 requires all kinds of new things, and the >> *most recent* NIC you tried is already ~11 years old afaict. > Yes and no. Yes it needs new things. No this is not the case here. I > tested cards from 2021 back to 2003. > >> This probably means they use SW crypto for everything. > Sounds good to me since it works. > >> What makes you believe that? > The fact that some just work. Why not use SW crypto on legacy devices? > >> Umm, no? Why would we break NICs that work well with most existing >> networks, just not WPA3 ones? > You got it wrong here. What I mean is to use a flag that some devices > are not WPA3 compatible. That way when an attempt to connect at such > an SSID would print a message suggesting to use a WPA2 network. This > will help novice users and save time from bug reports. Most routers > now support WPA3. have you tried iwd instead of wpa_supplicant? I think we have taken care of ensuring that WPA3 (or more precise SAE) is only tried when all ciphers are correctly supported by the card. Otherwise it is going to stick with WPA2. In case of WPA3-only network, we will have to see what happens and if the error reported is correct. You can try iwd behind NM or standalone with iwctl command line client and it will also give you iwmon tracing tool that allows more capturing the nl80211 traffic. Regards Marcel