Access Point mode with TKIP

when set up Raspberry Pi with BerryLan in Access Point mode, a Wifi with security WPA (1) and TKIP will be created.
WPA/TKIP is outdated and many clients report them as unsafe.
How can I change this to WPA 2/3 with AES?
Best regards

Thanks for the hint. This pull request enforces CCMP instead of TKIP when creating an access point: Enforce CCMP when starting an access point by mzanetti · Pull Request #22 · nymea/libnymea-networkmanager · GitHub

Editing the file ‘wifi.nmconnection’ in /etc/NetworkManager/systemconnections/ did the trick. Just added ‘group=ccmp’ and ‘pairwise=ccmp’ in ‘[wifi-security]’, restart NetworkManager services.