aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd/hostapd.conf
diff options
context:
space:
mode:
Diffstat (limited to 'hostapd/hostapd.conf')
-rw-r--r--hostapd/hostapd.conf14
1 files changed, 9 insertions, 5 deletions
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 57f0af7..7faac59 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1574,12 +1574,16 @@ own_ip_addr=127.0.0.1
# Enabled SAE finite cyclic groups
# SAE implementation are required to support group 19 (ECC group defined over a
-# 256-bit prime order field). All groups that are supported by the
-# implementation are enabled by default. This configuration parameter can be
-# used to specify a limited set of allowed groups. The group values are listed
-# in the IANA registry:
+# 256-bit prime order field). This configuration parameter can be used to
+# specify a set of allowed groups. If not included, only the mandatory group 19
+# is enabled.
+# The group values are listed in the IANA registry:
# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
-#sae_groups=19 20 21 25 26
+# Note that groups 1, 2, 5, 22, 23, and 24 should not be used in production
+# purposes due limited security (see RFC 8247). Groups that are not as strong as
+# group 19 (ECC, NIST P-256) are unlikely to be useful for production use cases
+# since all implementations are required to support group 19.
+#sae_groups=19 20 21
# Require MFP for all associations using SAE
# This parameter can be used to enforce negotiation of MFP for all associations