Hi, I'm new here and this is my first post so please forgive/correct me if I'm doing or saying anything wrong.
My setup:
Asus ZenWiFi BT8 running OpenWrt 25.12.0-rc5
5GHz radio configured as an AP using WPA3-SAE encryption
wpad-basic-mbedtls (I tried wpad-openssl and wpad-wolfssl and neither changed anything)
Google Pixel 10
I just switched my router over to OpenWrt, and tried to mirror the AP setup I had on stock firmware, and while almost all of my clients switched over with no issues, my Google Pixel 10 wouldn't connect, giving random vague errors such as "Disabled", "Check password and try again", and "Connection failure".
I got the debug logs from my phone using adb shell logcat | grep wpa_supplicant, but couldn't make much sense of them. Here they are in case they mean something to anyone else:
wpa_supplicant: wlan0: Trying to associate with SSID 'OpenWrt'
wpa_supplicant: assoc key_mgmt 0x400 network key_mgmt 0xc00
wpa_supplicant: wlan0: nl80211: kernel reports: multicast RX registrations are not supported
wpa_supplicant: [DHD]< 2577.007182> wl_cfgvendor_send_supp_eventstring: [wlan0] Connecting with ff:xx:xx:xx:xf:ff ssid "OpenWrt",chan_cnt:1
wpa_supplicant: [DHD]< 2577.183479> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:3 status:0x0 reason:126
wpa_supplicant: [DHD]< 2577.193297> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:3 status:0x0 reason:0
wpa_supplicant: wlan0: PMKSA-CACHE-ADDED <redacted-bssid> 0
wpa_supplicant: [DHD]< 2577.206039> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:88 status:0x1 reason:1
wpa_supplicant: [DHD]< 2577.206353> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:0 status:0x1 reason:0
wpa_supplicant: wlan0: CTRL-EVENT-ASSOC-REJECT bssid=<redacted-bssid> status_code=1
wpa_supplicant: wlan0: PMKSA-CACHE-REMOVED <redacted-bssid> 0
And here are logs from successfully connecting to a (non-OpenWrt) working AP (also using WPA3):
wpa_supplicant: wlan0: Trying to associate with SSID 'Asuswrt'
wpa_supplicant: assoc key_mgmt 0x400 network key_mgmt 0xc00
wpa_supplicant: wlan0: nl80211: kernel reports: multicast RX registrations are not supported
wpa_supplicant: [DHD]< 2659.972048> wl_cfgvendor_send_supp_eventstring: [wlan0] Connecting with ff:xx:xx:xx:xf:ff ssid "Asuswrt",chan_cnt:2
wpa_supplicant: [DHD]< 2660.273088> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:3 status:0x1 reason:33
wpa_supplicant: [DHD]< 2660.314718> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:3 status:0x0 reason:0
wpa_supplicant: [DHD]< 2660.328647> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:88 status:0x0 reason:0
wpa_supplicant: [DHD]< 2660.329255> wl_cfgvendor_send_supp_eventstring: [wlan0] Mode:0 event:16 status:0x0 reason:0
wpa_supplicant: assoc key_mgmt 0x400 network key_mgmt 0xc00
wpa_supplicant: wlan0: Associated with <redacted-bssid>
After giving up trying to figure out what reason:126 meant (what I think is the error?), I switched over to looking at WiFiAnalyzer to see if it could give me any insight.
Well, there were quite a few differences, so I just started working through them by trial-and-error.
Enabling 802.11k and 802.11v didn't help at all, and neither did downgrading the spec version to AX.
That left the cipher, which I didn't know how to change! There's a drop-down for it on the WPA2-PSK mode, but not on WPA3-SAE.
Looking in /etc/config/wireless, I saw the line option encryption 'sae', but nowhere that a cipher was explicitly specified. I checked the wiki for ways to change it, but that seems to be outdated(?), as I later found this forum post which mentioned sae+gcmp256.
I first tried option encryption 'sae+ccmp' hoping to match the working AP's cipher of [RSN-SAE-CCMP-128], followed by wifi reload, and it worked! My phone could now connect to the OpenWrt AP.
I wasn't really satisfied with using an older, slower cipher though, so I also gave sae+gcmp256 a try, and was still able to connect all of my devices.
Looks like the problem causing incompatibility was due to sae advertising multiple ciphers by default?
Anyway, the reason I'm creating this topic is:
1. So that if anyone else is having the same issue they can use the same workaround as me
2. To ask people more knowledgeable than me:
2a. Does this mean 25.12.0 is going to break WPA3 for some clients?
2b. Should there be a cipher drop-down box in LuCI when using WPA3?
2c. Is there an authoritative list of encryption modes somewhere such as sae+ccmp to update the wiki with?
Sorry it's such a long post, but I wanted it to be as helpful as possible for people facing the same issue as me in the future! Let me know if there are any details I should add.
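
An added example, not part of the original post: a small Python triage script for the `adb shell logcat | grep wpa_supplicant` output shown above, reporting each association attempt's outcome and naming the 802.11 status code on a reject. The sample input is constructed from the post's log lines, the status names are the IEEE 802.11 ones, and reading PMKSA-CACHE-ADDED as a sign that SAE authentication finished before the reject is an assumption.

```python
import re
import sys

# Constructed sample: the wpa_supplicant lines from the post, trimmed to the
# ones this script reads (the BSSIDs are already redacted in the post).
SAMPLE = """\
wpa_supplicant: wlan0: Trying to associate with SSID 'OpenWrt'
wpa_supplicant: wlan0: PMKSA-CACHE-ADDED <redacted-bssid> 0
wpa_supplicant: wlan0: CTRL-EVENT-ASSOC-REJECT bssid=<redacted-bssid> status_code=1
wpa_supplicant: wlan0: PMKSA-CACHE-REMOVED <redacted-bssid> 0
wpa_supplicant: wlan0: Trying to associate with SSID 'Asuswrt'
wpa_supplicant: wlan0: Associated with <redacted-bssid>
"""

# IEEE 802.11 status codes that matter for association and RSN negotiation.
STATUS = {0: "successful", 1: "unspecified failure", 40: "invalid element",
          41: "invalid group cipher", 42: "invalid pairwise cipher",
          43: "invalid AKMP", 46: "cipher suite rejected per policy"}
TRY = re.compile(r"Trying to associate with SSID '(.*)'")
REJECT = re.compile(r"CTRL-EVENT-ASSOC-REJECT .*status_code=(\d+)")

def summarize(lines):
    """Return one dict per association attempt found in the log lines."""
    attempts, cur = [], None
    for line in lines:
        m = TRY.search(line)
        if m:
            cur = {"ssid": m.group(1), "outcome": "unknown", "status_code": None,
                   "status_text": None, "pmksa_cached": False}
            attempts.append(cur)
        elif cur is None or cur["outcome"] != "unknown":
            continue  # line is outside an open attempt
        elif "PMKSA-CACHE-ADDED" in line:
            # Assumption: a cached PMK means the SAE exchange itself completed.
            cur["pmksa_cached"] = True
        elif (m := REJECT.search(line)):
            code = int(m.group(1))
            cur.update(outcome="rejected", status_code=code,
                       status_text=STATUS.get(code, "not in table"))
        elif ": Associated with " in line:
            cur["outcome"] = "associated"
    return attempts

if __name__ == "__main__":
    # Pipe logcat output in, or run with no input to use the sample.
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    for attempt in summarize(src):
        print(attempt)
```

On the sample, the OpenWrt attempt comes back as rejected with status 1 (unspecified failure) after a PMKSA entry was cached, so the AP did not return one of the cipher-specific codes (41, 42, 46).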
