WiFi Authmodes are being shuffled on v5.1.1 (IDFGH-11372)

[bill88t]

Answers checklist.

• [X] I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
• [X] I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
• [X] I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

v5.1.1

Espressif SoC revision.

ESP32-C6 ESP32 ESP32-S3 (and probably the rest)

Operating System used.

Linux

How did you build your project?

Command line with idf.py

If you are using Windows, please specify command line type.

None

Development Kit.

WeAct ESP32-C6, M5Stack Timer Camera X, Adafruit Feather ESP32-S3 TFT

Power Supply used.

USB

What is the expected behavior?

A wifi scan from my trustworthy thinkpad returns:

[bill88t@Thinkpood | ~/git/esp-idf-v5.1.1/examples/wifi/scan]> nmcli device wifi list
IN-USE  BSSID              SSID                     MODE   CHAN  RATE        SIGNAL  BARS  SECURITY       
*       3C:58:C2:93:D4:29  KeyFalse                 Infra  1     65 Mbit/s   63      ***   WPA1 WPA2 WPA3 
        8C:3B:AD:21:3D:1E  Forthnet-5DbGR_EXT       Infra  1     270 Mbit/s  55      **    WPA2           
        D4:60:E3:A9:77:D6  COSMOTE-478503           Infra  10    270 Mbit/s  50      **    WPA2           
        74:9D:79:64:BE:B4  VODAFONE_2081            Infra  1     270 Mbit/s  47      **    WPA1 WPA2      
        E0:19:54:42:2D:EA  WIND_2.4G_422DEA         Infra  4     130 Mbit/s  44      **    WPA2           
        E0:19:54:4E:4F:3F  Feline34                 Infra  9     270 Mbit/s  44      **    WPA1 WPA2      
        34:36:54:D2:F6:CB  Agis2                    Infra  1     130 Mbit/s  37      **    WPA1 WPA2      
        90:9A:4A:B3:23:7E  Deco                     Infra  5     270 Mbit/s  35      **    WPA2           
        E0:19:54:4E:4F:40  Feline34_5               Infra  40    270 Mbit/s  35      **    WPA1 WPA2      
        D4:60:E3:A9:77:DB  COSMOTE-478503           Infra  44    270 Mbit/s  35      **    WPA2           
        E0:0E:E4:C6:B7:C6  VODAFONE_8934            Infra  48    270 Mbit/s  35      **    WPA1 WPA2      
        08:AA:89:79:1B:91  WIND_791B90              Infra  52    270 Mbit/s  35      **    WPA2           
        0A:AA:89:7B:1B:91  --                       Infra  52    270 Mbit/s  35      **    WPA2           
        50:42:89:77:A7:C4  COSMOTE-cg29sh           Infra  60    270 Mbit/s  35      **    WPA2           
        74:9D:79:64:BE:B6  VODAFONE_2081            Infra  100   270 Mbit/s  35      **    WPA1 WPA2      
        50:42:89:77:A7:C3  COSMOTE-cg29sh           Infra  5     270 Mbit/s  34      **    WPA2           
        28:EE:52:24:61:1E  TP-Link_611E             Infra  2     270 Mbit/s  30      *     WPA1 WPA2      
        A0:95:7F:ED:2D:11  COSMOTE-141495           Infra  9     270 Mbit/s  30      *     WPA2           
        78:96:82:56:D9:69  Forthnet-5DbGR           Infra  1     270 Mbit/s  29      *     WPA1 WPA2      
        D4:76:EA:07:A2:E4  Forthnet-AKzTk           Infra  1     270 Mbit/s  29      *     WPA1 WPA2      
        24:D3:F2:9D:7C:F1  Vodafone_2.4G-00311      Infra  1     130 Mbit/s  29      *     WPA1 WPA2      
        28:77:77:F3:23:E4  COSMOTE-atk447           Infra  1     130 Mbit/s  29      *     WPA2           
        98:00:6A:0E:A5:A1  VODAFONE_WIFI_108-07306  Infra  1     130 Mbit/s  29      *     WPA1 WPA2      
        D8:21:DA:21:0B:D1  COSMOTE-893955           Infra  2     270 Mbit/s  29      *     WPA2           
        28:DE:A8:F4:9A:70  VODAFONE_H268Q-0294      Infra  6     130 Mbit/s  29      *     WPA2           
        70:89:76:CE:C9:19  SmartLife-C918           Infra  6     65 Mbit/s   29      *     --             
        F0:87:56:A4:B4:21  Zyxel_A4B421             Infra  7     270 Mbit/s  29      *     WPA2           
        8C:DE:F9:03:4F:57  --                       Infra  7     270 Mbit/s  29      *     WPA1 WPA2      
        28:D1:27:F8:81:D3  kostastia_plus           Infra  13    270 Mbit/s  29      *     WPA1 WPA2

What is the actual behavior?

Using wifi scan example (examples/wifi/scan) as is, with just flash parameters and speed changed, 10cm from the thinkpad's scan spot:

ESP-ROM:esp32c6-20220919
Build:Sep 19 2022
rst:0x1 (POWERON),boot:0x1c (SPI_FAST_FLASH_BOOT)
SPIWP:0xee
mode:DIO, clock div:2
load:0x4086c410,len:0x103c
load:0x4086e610,len:0x3460
load:0x40875728,len:0x2464
entry 0x4086c410
I (23) boot: ESP-IDF v5.1.1 2nd stage bootloader
I (24) boot: compile time Nov  2 2023 19:25:45
D (24) bootloader_flash: non-XMC chip detected by SFDP Read (C8), skip.
D (29) bootloader_flash: mmu set block paddr=0x00000000 (was 0xffffffff)
I (36) boot: chip revision: v0.0
D (40) qio_mode: Probing for QIO mode enable...
D (45) qio_mode: Raw SPI flash chip id 0xc84016
D (49) qio_mode: Manufacturer ID 0xc8 chip ID 0x4016
I (54) qio_mode: Enabling default flash chip QIO
D (60) qio_mode: Initial flash chip status 0x2
D (64) qio_mode: QIO mode already enabled in flash
D (69) qio_mode: Enabling QIO mode...
D (73) boot.esp32c6: magic e9
D (76) boot.esp32c6: segments 03
D (79) boot.esp32c6: spi_mode 02
D (82) boot.esp32c6: spi_speed 00
D (86) boot.esp32c6: spi_size 02
I (89) boot.esp32c6: SPI Speed      : 40MHz
I (94) boot.esp32c6: SPI Mode       : QIO
I (99) boot.esp32c6: SPI Flash Size : 4MB
D (103) boot: Enabling RTCWDT(9000 ms)
I (107) boot: Enabling RNG early entropy source...
D (113) bootloader_flash: rodata starts from paddr=0x00008000, size=0xc00, will be mapped to vaddr=0x42000000
V (122) bootloader_flash: after mapping, starting from paddr=0x00000000 and vaddr=0x42000000, 0x10000 bytes are mapped
D (133) boot: mapped partition table 0x8000 at 0x42008000
D (139) flash_parts: partition table verified, 4 entries
I (144) boot: Partition Table:
I (148) boot: ## Label            Usage          Type ST Offset   Length
D (155) boot: load partition table entry 0x42008000
D (160) boot: type=1 subtype=2
I (163) boot:  0 nvs              WiFi data        01 02 00009000 00006000
D (171) boot: load partition table entry 0x42008020
D (176) boot: type=1 subtype=1
I (179) boot:  1 phy_init         RF data          01 01 0000f000 00001000
D (186) boot: load partition table entry 0x42008040
D (191) boot: type=0 subtype=0
I (195) boot:  2 factory          factory app      00 00 00010000 00100000
I (202) boot: End of partition table
D (206) boot: Trying partition index -1 offs 0x10000 size 0x100000
D (213) esp_image: reading image header @ 0x10000
D (217) bootloader_flash: mmu set block paddr=0x00010000 (was 0xffffffff)
D (224) esp_image: image header: 0xe9 0x04 0x02 0x02 40800434
V (230) esp_image: loading segment header 0 at offset 0x10018
V (236) esp_image: segment data length 0x21710 data starts 0x10020
V (242) esp_image: segment 0 map_segment 1 segment_data_offs 0x10020 load_addr 0x42090020
I (250) esp_image: segment 0: paddr=00010020 vaddr=42090020 size=21710h (136976) map
D (259) esp_image: free data page_count 0x00000100
D (264) bootloader_flash: rodata starts from paddr=0x00010020, size=0x21710, will be mapped to vaddr=0x42000000
V (274) bootloader_flash: after mapping, starting from paddr=0x00010000 and vaddr=0x42000000, 0x30000 bytes are mapped
V (314) esp_image: loading segment header 1 at offset 0x31730
D (314) bootloader_flash: mmu set block paddr=0x00030000 (was 0xffffffff)
V (315) esp_image: segment data length 0xe8e0 data starts 0x31738
V (321) esp_image: segment 1 map_segment 0 segment_data_offs 0x31738 load_addr 0x40800000
I (329) esp_image: segment 1: paddr=00031738 vaddr=40800000 size=0e8e0h ( 59616) load
D (338) esp_image: free data page_count 0x00000100
D (343) bootloader_flash: rodata starts from paddr=0x00031738, size=0xe8e0, will be mapped to vaddr=0x42000000
V (353) bootloader_flash: after mapping, starting from paddr=0x00030000 and vaddr=0x42000000, 0x20000 bytes are mapped
V (378) esp_image: loading segment header 2 at offset 0x40018
D (378) bootloader_flash: mmu set block paddr=0x00040000 (was 0xffffffff)
V (379) esp_image: segment data length 0x89200 data starts 0x40020
V (385) esp_image: segment 2 map_segment 1 segment_data_offs 0x40020 load_addr 0x42000020
I (394) esp_image: segment 2: paddr=00040020 vaddr=42000020 size=89200h (561664) map
D (402) esp_image: free data page_count 0x00000100
D (407) bootloader_flash: rodata starts from paddr=0x00040020, size=0x89200, will be mapped to vaddr=0x42000000
V (417) bootloader_flash: after mapping, starting from paddr=0x00040000 and vaddr=0x42000000, 0x90000 bytes are mapped
V (546) esp_image: loading segment header 3 at offset 0xc9220
D (546) bootloader_flash: mmu set block paddr=0x000c0000 (was 0xffffffff)
V (547) esp_image: segment data length 0x6184 data starts 0xc9228
V (553) esp_image: segment 3 map_segment 0 segment_data_offs 0xc9228 load_addr 0x4080e8e0
I (561) esp_image: segment 3: paddr=000c9228 vaddr=4080e8e0 size=06184h ( 24964) load
D (570) esp_image: free data page_count 0x00000100
D (575) bootloader_flash: rodata starts from paddr=0x000c9228, size=0x6184, will be mapped to vaddr=0x42000000
V (585) bootloader_flash: after mapping, starting from paddr=0x000c0000 and vaddr=0x42000000, 0x10000 bytes are mapped
V (602) esp_image: image start 0x00010000 end of last section 0x000cf3ac
D (602) bootloader_flash: mmu set block paddr=0x000c0000 (was 0xffffffff)
D (609) boot: Calculated hash: 5ffdefcb95b94faef006507ae24020f19279b17b833be6eb5d294787b072cf7e
I (622) boot: Loaded app from partition at offset 0x10000
I (624) boot: Disabling RNG early entropy source...
D (630) boot: calling set_cache_and_start_app
D (634) boot: configure drom and irom and start
V (639) boot: rodata starts from paddr=0x00010020, vaddr=0x42090020, size=0x21710
V (646) boot: after mapping rodata, starting from paddr=0x00010000 and vaddr=0x42090000, 0x30000 bytes are mapped
V (656) boot: text starts from paddr=0x00040020, vaddr=0x42000020, size=0x89200
V (664) boot: after mapping text, starting from paddr=0x00040000 and vaddr=0x42000000, 0x90000 bytes are mapped
D (674) boot: start: 0x40800434
I (688) cpu_start: Unicore app
I (689) cpu_start: Pro cpu up.
W (698) clk: esp_perip_clk_init() has not been implemented yet
I (704) cpu_start: Pro cpu start user code
I (705) cpu_start: cpu freq: 160000000 Hz
I (705) cpu_start: Application information:
I (708) cpu_start: Project name:     scan
I (712) cpu_start: App version:      v5.1.1
I (717) cpu_start: Compile time:     Nov  2 2023 19:25:29
I (723) cpu_start: ELF file SHA256:  cb5071259c44f5b6...
I (729) cpu_start: ESP-IDF:          v5.1.1
I (734) cpu_start: Min chip rev:     v0.0
I (739) cpu_start: Max chip rev:     v0.99 
I (744) cpu_start: Chip rev:         v0.0
I (748) heap_init: Initializing. RAM available for dynamic allocation:
I (755) heap_init: At 40819470 len 000631A0 (396 KiB): D/IRAM
I (762) heap_init: At 4087C610 len 00002F54 (11 KiB): STACK/DIRAM
I (769) heap_init: At 50000000 len 00003FE8 (15 KiB): RTCRAM
I (776) spi_flash: detected chip: generic
I (780) spi_flash: flash io: qio
I (784) sleep: Configure to isolate all GPIO pins in sleep state
I (790) sleep: Enable automatic switching of GPIO sleep configuration
I (797) coexist: coex firmware version: 80b0d89
I (803) coexist: coexist rom version 5b8dcfa
I (808) app_start: Starting scheduler on CPU0
I (813) main_task: Started on CPU0
I (813) main_task: Calling app_main()
I (833) pp: pp rom version: 5b8dcfa
I (833) net80211: net80211 rom version: 5b8dcfa
I (843) wifi:wifi driver task: 4081f9e4, prio:23, stack:6656, core=0
I (843) wifi:wifi firmware version: ce9244d
I (843) wifi:wifi certification version: v7.0
I (843) wifi:config NVS flash: enabled
I (843) wifi:config nano formating: disabled
I (853) wifi:mac_version:HAL_MAC_ESP32AX_761,ut_version:N
I (853) wifi:Init data frame dynamic rx buffer num: 32
I (863) wifi:Init management frame dynamic rx buffer num: 32
I (863) wifi:Init management short buffer num: 32
I (873) wifi:Init dynamic tx buffer num: 32
I (873) wifi:Init static tx FG buffer num: 2
I (873) wifi:Init static rx buffer size: 1700
I (883) wifi:Init static rx buffer num: 10
I (883) wifi:Init dynamic rx buffer num: 32
I (893) wifi_init: rx ba win: 6
I (893) wifi_init: tcpip mbox: 32
I (893) wifi_init: udp mbox: 6
I (903) wifi_init: tcp mbox: 6
I (903) wifi_init: tcp tx win: 5744
I (903) wifi_init: tcp rx win: 5744
I (913) wifi_init: tcp mss: 1440
I (913) wifi_init: WiFi IRAM OP enabled
I (923) wifi_init: WiFi RX IRAM OP enabled
I (923) phy_init: phy_version 202,b4b3263,May 17 2023,20:14:14
W (983) wifi:(bf)761:0x600a7cac:0x01b4b4b0
W (983) wifi:(agc)0x600a7128:0xd219c800, min.avgNF:0xce->0xd2(dB), RCalCount:0x19c, min.RRssi:0x800(-128.00)
W (983) wifi:(TB)WDEV_PWR_TB_MCS0:19
W (983) wifi:(TB)WDEV_PWR_TB_MCS1:19
W (993) wifi:(TB)WDEV_PWR_TB_MCS2:19
W (993) wifi:(TB)WDEV_PWR_TB_MCS3:19
W (993) wifi:(TB)WDEV_PWR_TB_MCS4:19
W (1003) wifi:(TB)WDEV_PWR_TB_MCS5:19
W (1003) wifi:(TB)WDEV_PWR_TB_MCS6:18
W (1003) wifi:(TB)WDEV_PWR_TB_MCS7:18
W (1013) wifi:(TB)WDEV_PWR_TB_MCS8:17
W (1013) wifi:(TB)WDEV_PWR_TB_MCS9:15
W (1013) wifi:(TB)WDEV_PWR_TB_MCS10:15
W (1023) wifi:(TB)WDEV_PWR_TB_MCS11:15
I (1023) wifi:11ax coex: WDEVAX_PTI0(0x55777555), WDEVAX_PTI1(0x00003377).

I (1033) wifi:mode : sta (40:4c:ca:41:ff:54)
I (1033) wifi:enable tsf
I (3543) scan: Total APs scanned = 24
I (3543) scan: SSID             KeyFalse
I (3543) scan: RSSI             -60
I (3543) scan: Authmode         WIFI_AUTH_OPEN
I (3543) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3553) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3553) scan: Channel          1

I (3563) scan: SSID             Forthnet-5DbGR_EXT
I (3563) scan: RSSI             -72
I (3563) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3573) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3573) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3583) scan: Channel          1

I (3583) scan: SSID             Agis2
I (3593) scan: RSSI             -74
I (3593) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (3593) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_TKIP_CCMP
I (3603) scan: Group Cipher     WIFI_CIPHER_TYPE_TKIP
I (3613) scan: Channel          1

I (3613) scan: SSID             WIND_2.4G_422DEA
I (3613) scan: RSSI             -74
I (3623) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3623) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3633) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3633) scan: Channel          4

I (3643) scan: SSID             COSMOTE-893955
I (3643) scan: RSSI             -75
I (3643) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3653) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3663) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3663) scan: Channel          2

I (3663) scan: SSID             VODAFONE_8934
I (3673) scan: RSSI             -75
I (3673) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (3683) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3683) scan: Group Cipher     WIFI_CIPHER_TYPE_TKIP
I (3693) scan: Channel          4

I (3693) scan: SSID             COSMOTE-478503
I (3703) scan: RSSI             -75
I (3703) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3703) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3713) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3723) scan: Channel          8

I (3723) scan: SSID             COSMOTE-cg29sh
I (3723) scan: RSSI             -79
I (3733) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3733) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3743) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3743) scan: Channel          5

I (3753) scan: SSID             Feline34
I (3753) scan: RSSI             -79
I (3753) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (3763) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_TKIP_CCMP
I (3763) scan: Group Cipher     WIFI_CIPHER_TYPE_TKIP
I (3773) scan: Channel          9

I (3773) scan: SSID             Forthnet-AKzTk
I (3783) scan: RSSI             -81
I (3783) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (3793) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3793) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3803) scan: Channel          1

I (3803) scan: SSID             DIRECT-9C-EPSON-9BE28C
I (3813) scan: RSSI             -84
I (3813) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3813) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3823) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3833) scan: Channel          1

I (3833) scan: SSID             WIND_2.4G_9DE02B
I (3833) scan: RSSI             -84
I (3843) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3843) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3853) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3853) scan: Channel          13

I (3863) scan: SSID             VODAFONE_WIFI_108-07306
I (3863) scan: RSSI             -85
I (3863) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (3873) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_TKIP_CCMP
I (3883) scan: Group Cipher     WIFI_CIPHER_TYPE_TKIP
I (3883) scan: Channel          1

I (3893) scan: SSID             VODAFONE_7013
I (3893) scan: RSSI             -85
I (3893) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (3903) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3903) scan: Group Cipher     WIFI_CIPHER_TYPE_TKIP
I (3913) scan: Channel          6

I (3913) scan: SSID             VODAFONE_H268Q-0294
I (3923) scan: RSSI             -87
I (3923) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3933) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3933) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3943) scan: Channel          6

I (3943) scan: SSID             Zyxel_A4B421
I (3943) scan: RSSI             -87
I (3953) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3953) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3963) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3963) scan: Channel          7

I (3973) scan: SSID             pm10
I (3973) scan: RSSI             -87
I (3973) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (3983) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3983) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3993) scan: Channel          8

I (3993) scan: SSID             KOULA_NET
I (4003) scan: RSSI             -87
I (4003) scan: Authmode         WIFI_AUTH_WPA_WPA2_PSK
I (4013) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_TKIP_CCMP
I (4013) scan: Group Cipher     WIFI_CIPHER_TYPE_TKIP
I (4023) scan: Channel          11

I (4023) scan: SSID             COSMOTE-ktb6ut
I (4033) scan: RSSI             -87
I (4033) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (4033) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (4043) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (4043) scan: Channel          11

I (4053) scan: SSID             Deco
I (4053) scan: RSSI             -89
I (4063) scan: Authmode         WIFI_AUTH_WPA2_PSK
I (4063) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (4073) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (4073) scan: Channel          5

I (4073) main_task: Returned from app_main()

Steps to reproduce.

Unkown.

Debug Logs.

No response

More Information.

The network "KeyFalse" in question is a linux computer with NetworkManager doing the hotspot with it's motherboard's wifi. The full connection parameters are as follows:

[bill88t@KeyFalse | ~]> nmcli connection show Hotspot | cat
connection.id:                          Hotspot
connection.uuid:                        03f6d7cb-3162-47cb-ab51-3f2179af0336
connection.stable-id:                   --
connection.type:                        802-11-wireless
connection.interface-name:              --
connection.autoconnect:                 yes
connection.autoconnect-priority:        -100
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1698946073
connection.permissions:                 --
connection.zone:                        trusted
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.dns-over-tls:                -1 (default)
connection.mptcp-flags:                 0x0 (default)
connection.wait-device-timeout:         -1
connection.wait-activation-delay:       -1
802-11-wireless.ssid:                   KeyFalse
802-11-wireless.mode:                   ap
802-11-wireless.band:                   bg
802-11-wireless.channel:                1
802-11-wireless.bssid:                  --
802-11-wireless.mac-address:            3C:58:C2:93:D4:29
802-11-wireless.cloned-mac-address:     --
802-11-wireless.generate-mac-address-mask:--
802-11-wireless.mac-address-blacklist:  --
802-11-wireless.mac-address-randomization:default
802-11-wireless.mtu:                    auto
802-11-wireless.seen-bssids:            3C:58:C2:93:D4:29
802-11-wireless.hidden:                 no
802-11-wireless.powersave:              0 (default)
802-11-wireless.wake-on-wlan:           0x1 (default)
802-11-wireless.ap-isolation:           -1 (default)
802-11-wireless-security.key-mgmt:      wpa-psk
802-11-wireless-security.wep-tx-keyidx: 0
802-11-wireless-security.auth-alg:      --
802-11-wireless-security.proto:         --
802-11-wireless-security.pairwise:      ccmp
802-11-wireless-security.group:         ccmp
802-11-wireless-security.pmf:           0 (default)
802-11-wireless-security.leap-username: --
802-11-wireless-security.wep-key0:      <hidden>
802-11-wireless-security.wep-key1:      <hidden>
802-11-wireless-security.wep-key2:      <hidden>
802-11-wireless-security.wep-key3:      <hidden>
802-11-wireless-security.wep-key-flags: 0 (none)
802-11-wireless-security.wep-key-type:  unknown
802-11-wireless-security.psk:           <hidden>
802-11-wireless-security.psk-flags:     0 (none)
802-11-wireless-security.leap-password: <hidden>
802-11-wireless-security.leap-password-flags:0 (none)
802-11-wireless-security.wps-method:    0x0 (default)
802-11-wireless-security.fils:          0 (default)
ipv4.method:                            shared
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.replace-local-rule:                -1 (default)
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0 (none)
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.required-timeout:                  -1 (default)
ipv4.dad-timeout:                       -1 (default)
ipv4.dhcp-vendor-class-identifier:      --
ipv4.link-local:                        0 (default)
ipv4.dhcp-reject-servers:               --
ipv4.auto-route-ext-gw:                 -1 (default)
ipv6.method:                            ignore
ipv6.dns:                               --
ipv6.dns-search:                        --
ipv6.dns-options:                       --
ipv6.dns-priority:                      0
ipv6.addresses:                         --
ipv6.gateway:                           --
ipv6.routes:                            --
ipv6.route-metric:                      -1
ipv6.route-table:                       0 (unspec)
ipv6.routing-rules:                     --
ipv6.replace-local-rule:                -1 (default)
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.required-timeout:                  -1 (default)
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.addr-gen-mode:                     stable-privacy
ipv6.ra-timeout:                        0 (default)
ipv6.mtu:                               auto
ipv6.dhcp-pd-hint:                      --
ipv6.dhcp-duid:                         --
ipv6.dhcp-iaid:                         --
ipv6.dhcp-timeout:                      0 (default)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
ipv6.dhcp-hostname-flags:               0x0 (none)
ipv6.auto-route-ext-gw:                 -1 (default)
ipv6.token:                             --
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
GENERAL.NAME:                           Hotspot
GENERAL.UUID:                           03f6d7cb-3162-47cb-ab51-3f2179af0336
GENERAL.DEVICES:                        wlp2s0
GENERAL.IP-IFACE:                       wlp2s0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        no
GENERAL.DEFAULT6:                       no
GENERAL.SPEC-OBJECT:                    /org/freedesktop/NetworkManager/AccessPoint/14
GENERAL.VPN:                            no
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/3
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/4
GENERAL.ZONE:                           trusted
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         10.42.0.1/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 10.42.0.0/24, nh = 0.0.0.0, mt = 600
IP6.ADDRESS[1]:                         fe80::3e58:c2ff:fe93:d429/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 256

Under random chance, during the day, other networks, frequently "Feline34" which is also mine appears also as OPEN. That network is a standard isp provided router and it's pretty old.

This issue is in fact not a dupe of https://github.com/espressif/esp-idf/issues/11202 as there are no Enterprise networks in the vicinity.

[bill88t]

Retested with latest master (commit 294c2bd70d3fc6e5fefee627a7f2007f7b255709). No changes (it's broken in master too).

[AxelLin]

@sarveshb14 @nachiketkukade Any update? Will v5.1.2 fix this issue?

[jack0c]

@AxelLin sorry that not fix this in v5.1.2. Currently esp-idf consider WPA/WPA2/WPA3 an invalid auth mode. Will consider how to fix this, and add it in v5.2 and v5.1.3.

[sarveshb14]

Hi @bill88t @AxelLin, Sorry for making you wait.

As per WPA3 Specification, AP shall not enable WPA version 1 on the same BSS with WPA3-Personal modes.

I agree that scan results should not show authentication mode of such AP as OPEN.

We will consider security of such AP as WPA2 WPA3 (i.e. ignoring the weaker WPA version 1 security) and will provide an update for this soon.

[bill88t]

wpa_supplicant is probably at fault. I will try to file a bug to them too.

[bill88t]

Also, the network KeyFalse is set to WPA2, not WPA3. I don't know if NetworkManager does something on it's own, but my phone thinks it's WPA3 too. Does WiFi4 even support WPA3???

[sarveshb14]

Hi @bill88t , Can you please 1) Check in which security mode does the esp-device gets connected with this AP and provide logs. 2) Provide wireless sniffer capture of the beacon transmitted by this AP.

ESP-device should be able to connect with WPA3-SAE security. This is a screenshot from my local run with AP configured with WPA-WPA2-WPA3 mode.

---

I don't know if NetworkManager does something on it's own, but my phone thinks it's WPA3 too.

If phone sees AKM suite SAE and management frame protection capabilities in beacons of AP, phone will consider this AP as a WPA3 AP. Packet capture will be helpful here in determining the security mode.

[bill88t]

I ran the connection example from C6, S2 and C3, all of which say it's WPA2-PSK, which is correct.

The network configuration is as follows:

I also set my thinkpad in "monitor mode" and captured all the wifi 802.11 traffic. During the capture, I performed a lot of connections from both the phone and esp32-c6.

I do not know how to read it though.

[sarveshb14]

Thank you providing the capture. KeyFalse AP is on channel 1 while sniffer capture is of channel 10. Can you please take sniffer capture of channel 1 or start the AP on channel 10 ?

---

Does this same configuration shows WPA WPA2 WPA3 security in the output of nmcli device wifi list ?

[bill88t]

Can you please take sniffer capture of channel 1 or start the AP on channel 10 ?

Alright, sorry for the wait, I captured channel 1 this time. ch1.zip While the capture was running I connected to the network "KeyFalse" with an ESP32-C6 and the phone.

Does this same configuration shows WPA WPA2 WPA3 security in the output of nmcli device wifi list ?

Yes.

[sarveshb14]

Here, AP does not advertise Management Frame Protection RSN capabilities , so in my opinion station not connecting in WPA3 mode is right.

[bill88t]

Yes, it should use WPA2. I don't think WPA3 would work for these networks.

We will consider security of such AP as WPA2 WPA3 (i.e. ignoring the weaker WPA version 1 security) and will provide an update for this soon.

Maybe it should be reported as WPA2, not WPA2 WPA3. I think it being detected as WPA3 is a mistake.

[sarveshb14]

Maybe it should be reported as WPA2, not WPA2 WPA3

You are right. If AP does not follow WPA3, we will treat this AP as WPA_WPA2 . If it follows WPA3, this will be treated as WPA2_WPA3

[sarveshb14]

Hi @bill88t , we have merged above discussed changes into master branch now. It will be available on next v5.1 tag (i.e. v5.1.3)

Thank you for your support

[0xFEEDC0DE64]

is it already in master? we are also affected by this bug and I would like to know which commit in master fixed the issue to start my rebases on

[bill88t]

I don't think so. I did test master 2 weeks ago with the latest commit and didn't see any changes. I also can't find the related commit in the commit log.

It's possible the fix has been applied downstream and we will see it with the release. I don't know how espressif works. In either case, I don't know.

[sarveshb14]

Hi @0xFEEDC0DE64 , @bill88t . Sorry for making you wait. Fix is merged in internal repository. Push to github It is stalled due to internal CI. It will soon be available on github.

[bill88t]

No problem, thanks for letting us know!

[sarveshb14]

It will soon be available on github.

It is available now. (615d928a)

[bill88t]

Can confirm, this fixed the issue. Thanks!

[AxelLin]

Hi @bill88t , we have merged above discussed changes into master branch now. It will be available on next v5.1 tag (i.e. v5.1.3)

@sarveshb14 v5.1.3 does not include this fix.

[sarveshb14]

Hi @AxelLin @bill88t , We will include this in next release of v5.1. Apologies for the inconvenience caused.

[0xFEEDC0DE64]

I can confirm an update to latest esp-idf has fixed all problems for us, thank you