How to use WPA3 with Ubuntu 20.04

Having recently upgraded my Wifi router's firmware to one that supports WPA3, I tried to adjust the corresponding WiFi connection settings on my laptop running 20.04.1 by selecting "WPA3 Personal" on the 'Security' tab (the 'Details' tab shows that WPA3 support is advertised by the router as expected).

Despite deleting and re-creating the connection profile and multiple reboots, my laptop always connects over WPA2 (as reported by the router's UI). A telltale sign is that the drop-down setting on the 'Security' tab flips back to "WPA & WPA2 Personal".

My laptop's hardware supports WPA3; the router had to be setup in mixed mode (WPA2+WPA3) due to some legacy devices that don't yet support WPA3. My iPhone and other iOS devices immediately took advantage of WPA3 after the firmware upgrade.

Other WPA3 questions relate to 18.04; the version of network-manager (1.22.10) shipped with 20.04 ought to support WPA3 out of the box.


The cleanest way I found to fix this issue is to use nmcli.

Begin by identifying your existing wifi connection (we'll assume it's called mywifi):

nmcli conn show
NAME                                UUID                                  TYPE      DEVICE 
mywifi                              xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx  wifi      wlp1s0 
...other connections here...

We then use the nmcli interactive editor to fix the key-mgmt in use as follows:

nmcli conn edit xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx
===| nmcli interactive connection editor |===
Editing existing '802-11-wireless' connection: 'mywifi'

nmcli> print wifi-sec.key-mgmt
802-11-wireless-security.key-mgmt: wpa-psk

nmcli> describe wifi-sec.key-mgmt

=== [key-mgmt] ===
[NM property description]
Key management used for the connection.  One of "none" (WEP), "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae" (SAE) or "wpa-eap" (WPA-Enterprise).  This property must be set for any Wi-Fi connection that uses security.

nmcli> set wifi-sec.key-mgmt sae

nmcli> verify
Verify connection: OK

nmcli> save persistent
Connection 'mywifi' (xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx) successfully updated.

A reboot is likely required after this.

Background info:

"The WPA3 standard replaces the Pre-Shared Key exchange with Simultaneous Authentication of Equals" (SAE) per Wikipedia.

A quicker way to achieve the above is through direct manipulation of the connection file as follows:

sudo sed -i -e '/key-mgmt=/s,wpa-psk,sae,' /etc/NetworkManager/system-connections/mywifi.nmconnection

This is possibly a bug in NetworkManager's UI? If multiple users confirm, I'll raise a defect report.