diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h
index 6b43d113a12c..200bd70b1ab4 100644
--- a/components/esp_wifi/include/esp_wifi_types.h
+++ b/components/esp_wifi/include/esp_wifi_types.h
@@ -286,11 +286,11 @@ typedef struct {
     uint8_t password[64];       /**< Password of soft-AP. */
     uint8_t ssid_len;           /**< Optional length of SSID field. */
     uint8_t channel;            /**< Channel of soft-AP */
-    wifi_auth_mode_t authmode;  /**< Auth mode of soft-AP. Do not support AUTH_WEP in soft-AP mode */
+    wifi_auth_mode_t authmode;  /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP.  */
     uint8_t ssid_hidden;        /**< Broadcast SSID or not, default 0, broadcast the SSID */
     uint8_t max_connection;     /**< Max number of stations allowed to connect in */
     uint16_t beacon_interval;   /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */
-    wifi_cipher_type_t pairwise_cipher;   /**< pairwise cipher of SoftAP, group cipher will be derived using this. cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
+    wifi_cipher_type_t pairwise_cipher;   /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
     bool ftm_responder;         /**< Enable FTM Responder mode */
     wifi_pmf_config_t pmf_cfg;  /**< Configuration for Protected Management Frame */
     wifi_sae_pwe_method_t sae_pwe_h2e;  /**< Configuration for SAE PWE derivation method */
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index f4fee447eb5a..6292339dd1f2 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit f4fee447eb5abc27d0088849580c2e9117f059bc
+Subproject commit 6292339dd1f262ec0bf9bb058758dbf02e1e0505
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
index d160b7c3364f..481be139e7ed 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -40,7 +40,7 @@ void *hostap_init(void)
     struct wpa_auth_config *auth_conf;
     u16 spp_attrubute = 0;
     u8 pairwise_cipher;
-    wifi_pmf_config_t pmf_cfg;
+    wifi_pmf_config_t pmf_cfg = {0};
     uint8_t authmode;
 
     hapd = (struct hostapd_data *)os_zalloc(sizeof(struct hostapd_data));
@@ -85,11 +85,12 @@ void *hostap_init(void)
     pairwise_cipher = esp_wifi_ap_get_prof_pairwise_cipher_internal();
 
 #ifdef CONFIG_IEEE80211W
-
-    esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
-
-    if (pmf_cfg.required) {
-        pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
+    if((auth_conf->wpa & WPA_PROTO_RSN) == WPA_PROTO_RSN)
+    {
+        esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
+        if (pmf_cfg.required) {
+            pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
+        }
     }
 #endif /* CONFIG_IEEE80211W */