Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.

Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.

Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants.  This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients.  I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.

1 files changed, 2 insertions, 3 deletions

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index c6a6a165cbf..64ab098eae5 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ieee80211_crypto.c,v 1.57 2009/01/26 19:09:41 damien Exp $	*/
+/*	$OpenBSD: ieee80211_crypto.c,v 1.58 2009/02/13 17:24:54 damien Exp $	*/
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -67,8 +67,7 @@ ieee80211_crypto_attach(struct ifnet *ifp)
 	TAILQ_INIT(&ic->ic_pmksa);
 	if (ic->ic_caps & IEEE80211_C_RSN) {
 		ic->ic_rsnprotos = IEEE80211_PROTO_WPA | IEEE80211_PROTO_RSN;
-		ic->ic_rsnakms = IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK |
-		    IEEE80211_AKM_8021X | IEEE80211_AKM_SHA256_8021X;
+		ic->ic_rsnakms = IEEE80211_AKM_PSK;
 		ic->ic_rsnciphers = IEEE80211_CIPHER_TKIP |
 		    IEEE80211_CIPHER_CCMP;
 		ic->ic_rsngroupcipher = IEEE80211_CIPHER_TKIP;