802.11 Encryption Modes
NDIS defines three types of encryption modes that can be enabled or disabled on the 802.11 device. The miniport driver's encryption mode is queried or set through OID_802_11_ENCRYPTION_STATUS.
Encryption modes define the set of cipher suites that can be enabled on the 802.11 device:
Encryption1
WEP encryption is supported and enabled on the device. The device either does not support TKIP and AES, or these cipher suites are disabled.Encryption2
WEP and TKIP encryption are supported and enabled on the device. The device either does not support AES or this cipher suite is disabled.Encryption3
WEP, TKIP, and AES encryption are supported and enabled on the device.To support Encryption3, miniport drivers must support the AES-CCMP algorithm. Miniport drivers that support other variants of the AES cipher suite must return NDIS_STATUS_NOT_SUPPORTED in response to a setting of OID_802_11_ENCRYPTION_STATUS that specifies Encryption3.
Cipher suites within an encryption mode are ranked based on security preference as follows:
AES (most secure)
TKIP
WEP (least secure)