In theory, these ciphers are supplied easily in software, but this requires some community intelligence to be realized.
@Dirk: no amount of forcing the connection from NM (Security: WPA/WPA2 Personal), then tweaking the connection with nmcli does result in a successful connect.
If forcing the connection security to "WPA3 Personal", the connection settings are:
802-11-wireless-security.key-mgmt: sae
802-11-wireless-security.pmf: 3 (required)
With WPA/WPA2 Personal:
802-11-wireless-security.key-mgmt: wpa-psk
802-11-wireless-security.pmf: 0 (default)
Also tried:
802-11-wireless-security.key-mgmt: wpa-psk
802-11-wireless-security.pmf: 1 (disable)
@B, you can check this yourself with:
$ nmcli connection show
Look up your specific connection.
$ nmcli connection show <uuid>
Specifically:
$ nmcli connection show <uuid> | grep -E 'key-mgmt|pmf'
In my humble opinion, wpa_supplicant should test for sufficient ciphers, and not even try to connect with WPA3 otherwise. Will report this to the wpa_supplicant mailing list, but need to subscribe first...
Meanwhile, I'm pretty confident, this is the culprit:
$ iw phy0 info | grep -A9 'Supported Ciphers'
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CCMP-256 (00-0f-ac:10)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
while for your working config, it's
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CCMP-256 (00-0f-ac:10)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
* CMAC (00-0f-ac:6)
* CMAC-256 (00-0f-ac:13)
* GMAC-128 (00-0f-ac:11)
* GMAC-256 (00-0f-ac:12)
For PMF, these are required:
* CMAC (00-0f-ac:6)
* GMAC-128 (00-0f-ac:11)
* GMAC-256 (00-0f-ac:12)
Your RTL provides them, our old Intel misses them.
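The cipher comparison from the comment above, as an added example that is not part of the original post: a shell function that reads `iw <phy> info` output and reports which of the three selectors the comment lists for PMF are absent. The function name, variable names and the embedded sample are assumptions made for this example; the sample is constructed from the shorter cipher list quoted in the comment.

```shell
#!/bin/sh
# Cipher suite selectors the comment above lists as required for PMF.
PMF_CIPHERS="00-0f-ac:6 00-0f-ac:11 00-0f-ac:12"

# Reads `iw <phy> info` output on stdin and prints every selector from
# PMF_CIPHERS that the "Supported Ciphers" section does not contain.
missing_pmf_ciphers() {
    supported=$(awk '
        /Supported Ciphers:/ { in_section = 1; next }
        in_section && /\* .*\([0-9a-f-]+:[0-9]+\)/ {
            sel = $0
            sub(/.*\(/, "", sel)   # drop everything up to "("
            sub(/\).*/, "", sel)   # drop ")" and anything after it
            print sel
            next
        }
        in_section { in_section = 0 }  # first non-cipher line ends the section
    ')
    for want in $PMF_CIPHERS; do
        # -x matches whole lines, so 00-0f-ac:1 is not mistaken for 00-0f-ac:11
        printf '%s\n' "$supported" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: the shorter cipher list quoted in the comment.
SAMPLE_INTEL='Supported Ciphers:
    * WEP40 (00-0f-ac:1)
    * WEP104 (00-0f-ac:5)
    * TKIP (00-0f-ac:2)
    * CCMP-128 (00-0f-ac:4)
    * CCMP-256 (00-0f-ac:10)
    * GCMP-128 (00-0f-ac:8)
    * GCMP-256 (00-0f-ac:9)'

# Demo on the sample; on a live system: iw phy0 info | missing_pmf_ciphers
printf '%s\n' "$SAMPLE_INTEL" | missing_pmf_ciphers
```

Empty output means all three selectors are present; any printed selector is one the adapter does not advertise.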