From: James Prestwood <prestwoj@gmail.com>
To: Bryce Johnson <bryce@redpinelabs.com>
Cc: iwd@lists.linux.dev
Subject: Re: Is there a way to manually force the security protocol with IWD?
Date: Fri, 30 Jan 2026 07:07:23 -0800 [thread overview]
Message-ID: <4ab7e9b9-be27-402b-834c-3e71bd58a476@gmail.com> (raw)
In-Reply-To: <CADXxVS+_B2r0yAUKKD5X_xJ6GmfkfkngwW_XHQyti=+9cMmzqg@mail.gmail.com>
Hi,
On 1/30/26 7:01 AM, Bryce Johnson wrote:
> Hi James
>
> On Fri, Jan 30, 2026 at 7:48 AM James Prestwood <prestwoj@gmail.com> wrote:
>> Hi Bryce,
>>
>> On 1/30/26 6:43 AM, Bryce Johnson wrote:
>>> Hi All
>>> We are working to get our product through wifi certification. Our
>>> testing company mentioned there was several negative test cases that
>>> were failing where IWD was connecting anyways because it would decide
>>> on the security type based on the AP. Is there a way to force IWD to
>>> use a security type that is different than the AP so it would fail the
>>> connection? Can we disable WPA1-only connection or force WPA2 only
>>> connection?
>> There unfortunately isn't at the moment. We do have a "developer mode"
>> by specifying "-E" to IWD and this seems like it would fall into that
>> category, support would need to be added of course.
>>
>> But I'm somewhat confused (and maybe this is just poor test cases by
>> WFA?), why would you need to certify that IWD fails when using a
>> different security type than the AP? A client should not ever use a
>> security type the AP doesn't advertise support for... This feels like
>> its testing the AP, not IWD :)
>>
> I'm was requesting what test case fails and if I could get a copy of
> it. The only thing I can think of is that they want to disable WPA1
> for example and show that the device won't connect to a WPA1 only AP.
> Or maybe for a product you only want to connect WPA3 and fail and not
> connect or not allow the AP to downgrade the connection.
Yeah I'd be interested in the test case.
>
> Maybe it would make sense to allow a blacklist of protocols you won't
> allow IWD to use? For our product we wouldn't allow open or WEP
> connections for example (but we perform that check outside of IWD).
IWD already won't connect to a WEP network, so we're ok there. You may
be able to coax out some behavior with the following options:
main.conf
[General].ManagementFrameProtection
network profile:
[Settings].TransitionDisable
[Settings].DisabledTransitionModes
Anyways, lets hope you can get the test case. Shouldn't be too hard to
add some support for specific test/dev type requirements.
Thanks,
James
>
>>> Thanks
>>> Bryce
>>>
next prev parent reply other threads:[~2026-01-30 15:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-30 14:43 Is there a way to manually force the security protocol with IWD? Bryce Johnson
2026-01-30 14:48 ` James Prestwood
2026-01-30 15:01 ` Bryce Johnson
2026-01-30 15:07 ` James Prestwood [this message]
2026-01-30 17:21 ` Bryce Johnson
2026-01-30 17:36 ` James Prestwood
2026-01-30 17:39 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4ab7e9b9-be27-402b-834c-3e71bd58a476@gmail.com \
--to=prestwoj@gmail.com \
--cc=bryce@redpinelabs.com \
--cc=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox