hostapd: enforce CCMP WPA cipher if hwmode is 11ng or 11na

SVN-Revision: 22000

package/hostapd/files/hostapd.sh

@@ -7,6 +7,9 @@ hostapd_set_bss_options() {
 	config_get wpa_group_rekey "$vif" wpa_group_rekey
 	config_get_bool ap_isolate "$vif" isolate 0
 
+	config_get device "$vif" device
+	config_get hwmode "$device" hwmode
+
 	if [ "$ap_isolate" -gt 0 ]; then
 		append "$var" "ap_isolate=$ap_isolate" "$N"
 	fi
@@ -43,6 +46,11 @@ hostapd_set_bss_options() {
 		*tkip) crypto="TKIP";;
 	esac
 
+	# enforce CCMP for 11ng and 11na
+	case "$hwmode" in
+		*ng|*na) crypto="CCMP";;
+	esac
+
 	# use crypto/auth settings for building the hostapd config
 	case "$enc" in
 		*psk*)