Important  The Native 802.11 Wireless LAN interface is deprecated in Windows 10 and later. Please use the WLAN Device Driver Interface (WDI) instead. For more information about WDI, see WLAN Universal Windows driver model.
The DOT11_CIPHER_ALGORITHM enumeration defines a cipher algorithm for data encryption and decryption.


typedef enum _DOT11_CIPHER_ALGORITHM {
  DOT11_CIPHER_ALGO_NONE           = 0x00,
  DOT11_CIPHER_ALGO_WEP40          = 0x01,
  DOT11_CIPHER_ALGO_TKIP           = 0x02,
  DOT11_CIPHER_ALGO_CCMP           = 0x04,
  DOT11_CIPHER_ALGO_WEP104         = 0x05,
  DOT11_CIPHER_ALGO_BIP            = 0x06,
  DOT11_CIPHER_ALGO_WEP            = 0x101,
  DOT11_CIPHER_ALGO_IHV_START      = 0x80000000,
  DOT11_CIPHER_ALGO_IHV_END        = 0xffffffff


DOT11_CIPHER_ALGO_NONE Specifies that no cipher algorithm is enabled or supported.
DOT11_CIPHER_ALGO_WEP40 Specifies a Wired Equivalent Privacy (WEP) algorithm, which is the RC4-based algorithm that is specified in the IEEE 802.11-2012 standard. This enumerator specifies the WEP cipher algorithm with a 40-bit cipher key.
DOT11_CIPHER_ALGO_TKIP Specifies a Temporal Key Integrity Protocol (TKIP) algorithm, which is the RC4-based cipher suite that is based on the algorithms that are defined in the WPA specification and IEEE 802.11i-2004 standard. This cipher also uses the Michael Message Integrity Code (MIC) algorithm for forgery protection.
DOT11_CIPHER_ALGO_CCMP Specifies an AES-CCMP algorithm, as specified in the IEEE 802.11i-2004 standard and RFC 3610. Advanced Encryption Standard (AES) is the encryption algorithm defined in FIPS PUB 197.
DOT11_CIPHER_ALGO_WEP104 Specifies a WEP cipher algorithm with a 104-bit cipher key.
DOT11_CIPHER_ALGO_BIP Specifies a BIP cipher algorithm.
DOT11_CIPHER_ALGO_WPA_USE_GROUP Specifies a Wifi Protected Access (WPA) Use Group Key cipher suite.

For more information about the Use Group Key cipher suite, refer to Clause of the IEEE 802.11i-2004 standard.

DOT11_CIPHER_ALGO_RSN_USE_GROUP Specifies a Robust Security Network (RSN) Use Group Key cipher suite.

For more information about the Use Group Key cipher suite, refer to Clause of the IEEE 802.11i-2004 standard.

DOT11_CIPHER_ALGO_WEP Specifies a WEP cipher algorithm with a cipher key of any length.

A miniport driver that operates in Extensible Station (ExtSTA) mode specifies the maximum WEP cipher key length through a query of OID_DOT11_EXTSTA_CAPABILITY.

Note  The operating system will only enable this cipher algorithm if authentication algorithms of DOT11_AUTH_ALGO_80211_OPEN or DOT11_AUTH_ALGO_80211_SHARED_KEY have been enabled. For more information about these authentication algorithms, see DOT11_AUTH_ALGORITHM.
DOT11_CIPHER_ALGO_IHV_START Specifies the start of the range that is used to define proprietary cipher algorithms that are developed by an independent hardware vendor (IHV).

The DOT11_CIPHER_ALGO_IHV_START enumerator is valid only when the miniport driver is operating in ExtSTA mode.

DOT11_CIPHER_ALGO_IHV_END Specifies the end of the range that is used to define proprietary authentication algorithms that are developed by an IHV.

The DOT11_CIPHER_ALGO_IHV_END enumerator is valid only when the miniport driver is operating in ExtSTA mode.


An IHV can assign a value for its proprietary cipher algorithms from DOT11_CIPHER_ALGO_IHV_START through DOT11_CIPHER_ALGO_IHV_END. The IHV must assign a unique number in this range to each of its proprietary cipher algorithms.

If the IHV develops its own support for an cipher algorithm supported by the operating system, the IHV must also assign a unique number from this range. For example, if the IHV develops its own version of TKIP, it must assign a value for this version from DOT11_CIPHER_ALGO_IHV_START through DOT11_CIPHER_ALGO_IHV_END.

A miniport driver must enable or select cipher algorithms based on the following preference order (listed from highest to lowest):







If the miniport driver supports IHV-defined cipher algorithms, the miniport driver can determine the preference order for these algorithms with respect to the 802.11 standard cipher algorithms.

Starting with Windows 7, an 802.11 miniport driver can report any combination of supported authentication and cipher algorithm pairs in the DOT11_AUTH_CIPHER_PAIR_LIST structure. However, if the operating system starts Soft AP, it enables only the DOT11_AUTH_ALGO_RSNA_PSK authentication algorithm and the DOT11_CIPHER_ALGO_CCMP cipher algorithm. To support Soft AP, the miniport driver must support this authentication/cipher pair.

If WPS is enabled on a NIC that is operating in Extensible AP mode, the miniport driver must allow peer stations to associate with the Extensible AP by using Open System Authentication or Wired Equivalent Privacy (WEP) algorithms, regardless of the enabled authorization and cipher algorithms. For more information about WPS and Extensible AP, see OID_DOT11_WPS_ENABLED.


Minimum supported client Available in Windows 8 and later versions of the Windows operating systems.
Header wlantypes.h (include Ndis.h)

See Also