fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-04-19 10:10:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

devices/wifi: Use sae as main key-mgmt method for networks supporting WPA2 and WPA3

Browse source 
Networks which are working in hybrid mode - WPA2-PSK/WPA3-SAE are offering
two completly different encryption standards. In that case the default mode
should be set to "sae". Setting to "wpa-psk" is a downgrade in security
and should be only allowed if key-mgmt is set to it.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1136

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1455
This commit is contained in:
Piotr Łobacz 2022-11-10 13:47:32 +01:00 committed by Thomas Haller
parent 81c1168a2d
commit da18683524
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 5 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/core/devices/wifi/nm-wifi-utils.c
View file

@ -813,13 +813,12 @@ nm_wifi_utils_complete_connection(GBytes *ap_ssid,
* setting. Since there's so much configuration required for it, there's
* no way it can be automatically completed.
*/
} else if (nm_streq0(key_mgmt, "wpa-psk")
|| (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE
&& (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK
|| ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK))) {
} else if (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE
&& (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK
|| ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) {
g_object_set(s_wsec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
"wpa-psk",
nm_streq0(key_mgmt, "sae") ? "sae" : "wpa-psk",
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG,
"open",
NULL);
@ -829,7 +828,7 @@ nm_wifi_utils_complete_connection(GBytes *ap_ssid,
|| NM_FLAGS_ANY(ap_rsn_flags,
NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
g_object_set(s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe", NULL);
} else if (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK
} else if (nm_streq0(key_mgmt, "wpa-psk") || ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK
|| ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
g_object_set(s_wsec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,