path: root/wpa_supplicant
diff options
authorJouni Malinen <j@w1.fi>2012-05-05 13:48:23 (GMT)
committerJouni Malinen <j@w1.fi>2012-05-05 13:48:23 (GMT)
commit4732ee3a87a1375fa528f9626c57e3ab41f5f110 (patch)
tree6b1d05a35f46094d4bb0554fa4c10c24b801b425 /wpa_supplicant
parent3d332fe75e9546a3b1d13042d791e1e67c276e79 (diff)
Add more documentation for IEEE 802.11w/PMF configuration
Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant')
2 files changed, 11 insertions, 3 deletions
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 625065b..7f66576 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -321,9 +321,7 @@ CONFIG_BACKEND=file
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-# IEEE 802.11w (management frame protection)
-# This version is an experimental implementation based on IEEE 802.11w/D1.0
-# draft and is subject to change since the standard has not yet been finalized.
+# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index e226954..6b94c61 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -411,6 +411,16 @@ fast_reauth=1
# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
# If not set, this defaults to: WPA-PSK WPA-EAP
+# ieee80211w: whether management frame protection is enabled
+# 0 = disabled (default)
+# 1 = optional
+# 2 = required
+# The most common configuration options for this based on the PMF (protected
+# management frames) certification program are:
+# PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256
+# PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256
+# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used)
# auth_alg: list of allowed IEEE 802.11 authentication algorithms
# OPEN = Open System authentication (required for WPA/WPA2)
# SHARED = Shared Key authentication (requires static WEP keys)