luci icon indicating copy to clipboard operation
luci copied to clipboard
verified publisher icon openwrt

luci-mod-network: Cipher option is not required for WPA3 Enterprise security mode

Open morse-sophronia opened this issue 1 year ago • 4 comments

Cipher option is not required for WPA3 Enterprise security mode, as Openwrt only supports CCMP cipher for wpa3. image

Steps to reproduce:

image

Actual behavior:

These options for Cipher is not required and it can default to CCMP

Expected behavior:

if encryption is wpa3, default cipher to CCMP

morse-sophronia avatar Mar 04 '24 03:03 morse-sophronia

https://github.com/openwrt/luci/pull/6963

morse-sophronia avatar Mar 04 '24 03:03 morse-sophronia

I agree with this observation, but there may be newer ciphers in the future which could appear there. So the choice field should remain.

systemcrash avatar Mar 04 '24 13:03 systemcrash

It should be AES and AES192, certainly no TKIP. https://www.wi-fi.org/system/files/Wi-Fi_Alliance_Technical_Note_TKIP_v1.0.pdf

brada4 avatar Mar 04 '24 20:03 brada4

I confirm no TKIP for WPA3:

  • WPA3 Personal -> Simultaneous Authentication of Equals (SAE) with forward secrecy (FS/PFS) -> GCMP - AES
  • WPA3 Enterprise -> 802.1X/EAP -> GCMP - AES

It must be solved.

Neustradamus avatar Aug 22 '24 03:08 Neustradamus

Cipher option is not required for WPA3 Enterprise security mode, as Openwrt only supports CCMP cipher for wpa3. image

Steps to reproduce:

image

Actual behavior:

These options for Cipher is not required and it can default to CCMP

Expected behavior:

if encryption is wpa3, default cipher to CCMP

Note: The table is from here https://openwrt.org/docs/guide-user/network/wifi/basic#encryption_modes

webysther avatar Jan 28 '25 11:01 webysther