path: root/wpa_supplicant/wpa_supplicant.conf
diff options
authorJouni Malinen <j@w1.fi>2017-03-12 20:45:35 (GMT)
committerJouni Malinen <j@w1.fi>2017-03-12 21:20:32 (GMT)
commit76e20f4fa7025b8e6887b9bd55a5072ca7d74677 (patch)
tree4b367a4940d392336b16efa25ce2908fac29f9ea /wpa_supplicant/wpa_supplicant.conf
parent1764559eef3020afebb427d48799c13514f45de0 (diff)
FILS: Add FILS SK auth PFS support in STA mode
This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.conf')
1 files changed, 5 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 8608681..6dac20e 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1248,6 +1248,11 @@ fast_reauth=1
# 1 = WPS disabled
+# FILS DH Group
+# 0 = PFS disabled with FILS shared key authentication (default)
+# 1-65535 = DH Group to use for FILS PFS
# MAC address policy
# 0 = use permanent MAC address
# 1 = use random MAC address for each ESS connection