| hi list,
| i have a problem with wpa2 and osx. i could connect to the ap
| if i force it to use wpa1 only. all other wpaprotos gives a :
| "WPA2(PSK,unknown/TKIP,AES/TKIP)"
| while scanning with airport and the association failed. the test
| cases and dmesg could be found here:
| http://sumi.thepixelz.com/obsd/wpa-openbsd.txt

The "unknown" comes from the PSK-SHA-256 authentication protocol supported by OpenBSD (this is a protocol defined in Draft 802.11w that has a stronger key derivation function than the legacy PSK-SHA1).

Unfortunately, some broken (non-standard-compliant) supplicants are confused by unknown authentication protocols and try to associate using 802.1X in this case. I've seen this with Intel PRO/Set on XP too.

I'm not quite sure what to do since it's not OpenBSD's fault at all. The current approach is that if a user specifies "psk" with the "wpaakms" ifconfig command, both PSK-SHA1 and PSK-SHA-256 are advertised by the AP.

Maybe I should add "psk-sha256" to the list of supported values for "wpaakms" so that people who have interoperability problems can disable PSK-SHA-256 with "wpaakms psk". The default setting would be "psk,psk-sha256".

Because we are approaching release, I will probably stop advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD clients are currently capable of selecting this authentication protocol, although some very recent versions of wpa_supplicant may support it too).

Damien
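
Added example, not part of the original message and not OpenBSD's code: a sketch of how a supplicant can parse the AKM suite list of an RSN information element and skip a selector it does not recognise (here PSK-SHA-256, type 6) instead of falling back to 802.1X. The function name, the preference order and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* AKM suite types under OUI 00-0F-AC (IEEE 802.11) */
enum { AKM_8021X = 1, AKM_PSK = 2, AKM_8021X_SHA256 = 5, AKM_PSK_SHA256 = 6 };
static const uint8_t RSN_OUI[3] = { 0x00, 0x0f, 0xac };

static unsigned rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/*
 * Parse an RSN IE body (bytes after element ID and length). Returns the first
 * AKM in `pref` that is both advertised and enabled in `supported` (bit n =
 * AKM type n), 0 if none is shared, -1 if malformed. Unknown selectors are
 * skipped; they never change how the known ones are interpreted.
 */
int rsn_select_akm(const uint8_t *ie, size_t len, uint32_t supported)
{
    /* preference order is an assumption of this example */
    static const int pref[] = { AKM_PSK_SHA256, AKM_8021X_SHA256, AKM_PSK, AKM_8021X };
    uint32_t advertised = 0;
    size_t off = 6, n, i;               /* skip version + group cipher */

    if (len < off + 2 || rd16(ie) != 1)
        return -1;
    n = rd16(ie + off); off += 2;       /* pairwise cipher count */
    if (n > (len - off) / 4 || len - off - 4 * n < 2)
        return -1;
    off += 4 * n;
    n = rd16(ie + off); off += 2;       /* AKM count */
    if (n == 0 || n > (len - off) / 4)
        return -1;
    for (i = 0; i < n; i++, off += 4)
        if (memcmp(ie + off, RSN_OUI, 3) == 0 && ie[off + 3] < 32)
            advertised |= 1u << ie[off + 3];
    for (i = 0; i < sizeof(pref) / sizeof(pref[0]); i++)
        if (advertised & supported & (1u << pref[i]))
            return pref[i];
    return 0;
}

/* Constructed sample: group TKIP, pairwise TKIP+CCMP, AKMs PSK + PSK-SHA256 */
static const uint8_t sample_rsn[] = {
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x02,                         /* v1, group */
    0x02, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x0f, 0xac, 0x04, /* pairwise */
    0x02, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x0f, 0xac, 0x06, /* AKMs */
    0x00, 0x00                                                  /* RSN caps */
};
```

A client that only enables `AKM_PSK` gets `AKM_PSK` back for this element; a client that enables only `AKM_8021X` gets 0 and should not attempt association.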