damien.bergam...@free.fr schrieb:
| hi list,
| i have a problem with wpa2 and osx. i could connect to the ap
| if i force it to use wpa1 only. all other wpaprotos gives a :
| "WPA2(PSK,unknown/TKIP,AES/TKIP)"
| while scanning with airport and the association failed. the test
| cases and dmesg could be found here:
| http://sumi.thepixelz.com/obsd/wpa-openbsd.txt
The "unknown" comes from the PSK-SHA-256 authentication protocol
supported by OpenBSD (this is a protocol defined in Draft 802.11w
that has a stronger key derivation function than the legacy
PSK-SHA1). Unfortunately, some broken (non standard compliant)
supplicants are confused by unknown authentication protocols
and try to associate using 802.1X in this case.
I've seen this with Intel PRO/Set on XP too.
thx, this explains the behaviour
I'm not quite sure what to do since it's not OpenBSD fault at
all. The current approach is that if a user specifies "psk"
with the "wpaakms" ifconfig command, both PSK-SHA1 and PSK-SHA-256
are advertised by the AP. Maybe I should add "psk-sha256" to the
list of supported values for "wpaakms" so that people who have
interoperability problems can disable PSK-SHA-256 with
"wpaakms psk". The default setting would be "psk,psk-sha256".
that would be great but i should hammer on apple to get psk-sha-256
working ;)
Because we are approaching release, I will probably stop
advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD
clients are currently capable of selecting this authentication
protocol, although some very recent versions of wpa_supplicant
may support it too.)
as for 4.5, imho just leave it as is. no one has cared so far.
maybe some sort of documentation/caveat in man ifconfig would help other
users.
Damien
thx again
tim
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
