TKIP is used as group cipher and offered as pairwise cipher. #4052

Closed
Frostie314159 opened this issue Jul 11, 2024 · 8 comments

@Frostie314159

What happened?

At the event where I am right now, there are a lot of ESPs with WLED. Looking at the Wi-Fi beacons in monitor mode reveals that all of them use TKIP as the group cipher suite and offer it optionally as a pairwise cipher suite. TKIP has been deprecated for over a decade by now.

To Reproduce Bug

Use WLED and observe the beacons in monitor mode. I have a pcap file with the beacon frame.

Expected Behavior

Disable TKIP entirely and use just CCMP. Possibly even enable management frame protection optionally.
wled_cap.pcapng.gz

Install Method

Binary from WLED.me

What version of WLED?

all

Which microcontroller/board are you seeing the problem on?

ESP8266

Relevant log/trace output

No response

Anything else?

I'm unsure about the specific revisions of the boards and software used, since I'm just looking at beacons.

@blazoncek
Collaborator

Googling around revealed no information on how to change cipher from TKIP to CCMP.
It would be helpful to provide some information on how to do that.

@Frostie314159
Author

What library are you using? Esp wifi should be capable of doing this.

@blazoncek
Collaborator

> What library are you using? Esp wifi should be capable of doing this.

Can you provide a sample? Using Arduino 2.0.9 framework using standard/embedded WiFi library.

@softhack007
Collaborator

@blazoncek
Collaborator

Thanks @softhack007 I've seen it mentioned in framework sources but no example on how to set it up.
Following through issues it looks like this was changed/implemented in Arduino core 2.0.0. And only for ESP32.

@Frostie314159 have you tried 0.15 with ESP32 or just 0.14 (or below) and ESP8266?

I am inclined to close this issue as it is not related to WLED but rather Arduino implementation of SoftAP.

@Frostie314159
Author

Yeah, this can be closed, I'm going to proceed with investigating this on the Arduino side.

@Aircoookie
Owner

OK, this sucks. TKIP is broken and I can't wrap my head around why there isn't an option to disable it if AES is supported on ESP8266...
See esp8266/Arduino#7825 and espressif/ESP8266_NONOS_SDK#351

For clarification, this insecure cipher affects ESP8266 in AP mode. ESP32 uses CCMP only today, as it should be.

@Frostie314159
Author

I've already opened an issue on the esp8266 Arduino core repo, but haven't received a response yet. The code is also extremely hard to read, so I wasn't able to trace the source myself.
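
The beacon check described in the opening post can be scripted for auditing access points. The following is an added example, not code from WLED, the ESP8266 core or any commenter: it parses the RSN element in a beacon's tagged parameters and reports TKIP or WEP used as group or pairwise cipher, plus whether management frame protection is advertised. The function names and both sample byte strings (including the SSID) are constructed for illustration.

```python
import struct

RSN_EID = 48                          # RSN element ID in IEEE 802.11
RSN_OUI = bytes.fromhex("000fac")     # OUI of the standard's cipher suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
WEAK = {"WEP-40", "WEP-104", "TKIP"}

def iter_elements(tagged):
    """Yield (element_id, body) pairs; stop quietly at a truncated element."""
    off = 0
    while off + 2 <= len(tagged) and off + 2 + tagged[off + 1] <= len(tagged):
        length = tagged[off + 1]
        yield tagged[off], tagged[off + 2:off + 2 + length]
        off += 2 + length

def suite_name(sel):
    return CIPHERS.get(sel[3], f"type-{sel[3]}") if sel[:3] == RSN_OUI else "vendor:" + sel.hex()

def parse_rsn(body):
    """Decode group cipher, pairwise list and MFP capability bits of an RSN element."""
    if len(body) < 8 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("not a version 1 RSN element")
    end = 8 + 4 * struct.unpack_from("<H", body, 6)[0]   # end of pairwise list
    if end > len(body):
        raise ValueError("truncated pairwise cipher list")
    rsn = {"group": suite_name(body[2:6]), "mfp_capable": False, "mfp_required": False,
           "pairwise": [suite_name(body[i:i + 4]) for i in range(8, end, 4)]}
    if end + 2 <= len(body):                      # AKM list, then RSN capabilities
        caps_off = end + 2 + 4 * struct.unpack_from("<H", body, end)[0]
        if caps_off + 2 <= len(body):
            (caps,) = struct.unpack_from("<H", body, caps_off)
            rsn["mfp_required"], rsn["mfp_capable"] = bool(caps & 0x40), bool(caps & 0x80)
    return rsn

def audit_beacon(tagged):
    """Return findings for the tagged parameters of one beacon frame body."""
    findings = []
    for body in (b for eid, b in iter_elements(tagged) if eid == RSN_EID):
        rsn = parse_rsn(body)
        if rsn["group"] in WEAK:
            findings.append(f"group cipher {rsn['group']}")
        findings += [f"pairwise cipher {c} offered" for c in rsn["pairwise"] if c in WEAK]
        if not rsn["mfp_capable"]:
            findings.append("management frame protection not advertised")
    return findings

# Constructed samples (not taken from the attached pcap): SSID element + RSN element.
MIXED = bytes.fromhex("0007") + b"WLED-AP" + bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")
CCMP_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac028000")
```

`audit_beacon` expects the bytes that follow the 12 fixed bytes (timestamp, beacon interval, capability information) of a beacon frame body.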
