Important  The Native 802.11 Wireless LAN interface is deprecated in Windows 10 and later. Please use the WLAN Device Driver Interface (WDI) instead. For more information about WDI, see WLAN Universal Windows driver model.

When set, the OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM object identifier (OID) requests that the miniport driver set the value of the Extensible Station (ExtSTA) msDot11EnabledUnicastCipherAlgo management information base (MIB) object to the specified data.

When queried, this OID requests that the miniport driver return the value of the msDot11EnabledUnicastCipherAlgo MIB object.

The msDot11EnabledUnicastCipherAlgo MIB object specifies the list of unicast cipher algorithms that the 802.11 station enables for use when connecting to a basic service set (BSS) network. After OID_DOT11_CONNECT_REQUEST is set, the 802.11 station will attempt to connect to a BSS whose 802.11 Beacon or Probe Response frames specify support for a unicast cipher algorithm defined by an entry within the msDot11EnabledUnicastCipherAlgo MIB object.


Support for OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM is mandatory if the 802.11 station supports any unicast cipher algorithms. The miniport driver returns a list of supported unicast cipher algorithms when OID_DOT11_SUPPORTED_UNICAST_ALGORITHM_PAIR is queried.


The data type for this OID is the DOT11_CIPHER_ALGORITHM_LIST structure.

When OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM is set, the miniport driver must do the following:

  • The msDot11EnabledUnicastCipherAlgo MIB object must always contain at least one entry. If the uNumOfEntries member of the DOT11_CIPHER_ALGORITHM_LIST structure is set to zero, the miniport driver must fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.

  • If the 802.11 station does not support a specified unicast cipher algorithm, return NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.

  • If the 802.11 station does not support any of the specified unicast cipher algorithms for any of the enabled authentication algorithms defined by the ExtSTA msDot11EnabledAuthAlgo MIB object, return NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.

    For more information about the msDot11EnabledAuthAlgo MIB object, see OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM.

  • Enable the specified unicast cipher algorithms for every enabled authentication algorithm that supports it.

  • Disable all supported unicast cipher algorithms that are not in the specified list.

  • Ensure that the value of the InformationBufferLength member of the MiniportOidRequest function's OidRequest parameter is at least the value returned by the following formula:


The Microsoft 802.1X supplicant enables only one standard 802.11 unicast cipher algorithm. However, a supplicant provided by the independent hardware vendor (IHV) can enable one or more unicast cipher authentication algorithms. For more information about 802.1X supplicants, refer to the IEEE 802.1X-2001 standard.

When OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM is queried, the miniport driver must do the following:

  • If this OID was previously set, returns the list of unicast cipher algorithms in the same order as they were set.

  • If this OID was not previously set, returns its default unicast cipher algorithms in the list.

  • The miniport driver cannot return an empty list of unicast cipher algorithms. If the 802.11 station has not enabled any unicast cipher algorithms, the miniport driver must return a list containing DOT11_CIPHER_ALGO_NONE.

The default value for the msDot11EnabledUnicastCipherAlgo MIB object is the list of unicast ciphers supported by the authentication algorithms specified by the msDot11EnabledAuthAlgo MIB object. The default unicast cipher list must be ordered by preference. For more information about cipher preference, see DOT11_CIPHER_ALGORITHM.

The miniport driver must set the msDot11EnabledUnicastCipherAlgo MIB object to the default multicast cipher whenever the following occurs:

Note  Beginning in Windows 7, the operating system enables only one cipher algorithm at a time.



Available in Windows Vista and later versions of the Windows operating systems.


Windot11.h (include Ndis.h)

See also

Native 802.11 Wireless LAN OIDs



Send comments about this topic to Microsoft