You will need VIA (or another supplicant that supports SuiteB/gcm-ciphers) as standard supplicants will not support that encryption.
Some more information is in the ArubaOS User Guide (6.5.0.0 page 434):
Suite-B Cryptography
The Suite-B (bSec) protocol is a pre-standard protocol that has been proposed to the IEEE 802.11 committee as an alternative to 802.11i. The main difference between bSec and standard 802.11i is that bSec implements Suite-B algorithms wherever possible. Notably, AES-CCM is replaced by AES-GCM, and the Key Derivation Function (KDF) of 802.11i is upgraded to support SHA-256 and SHA-384. In order to provide interoperability with standard Wi-Fi software drivers, bSec is implemented as a shim layer between standard 802.11 Wi-Fi and a Layer 3 protocol such as IP. A controller configured to advertise a bSec SSID will advertise an open network, however only bSec frames will be permitted on the network.
And the VIA UserGuide 3.x for Windows page 104,108:
Enable Supplicant If enabled, VIA starts in bSec mode using L2 suite-b cryptography. This option is disabled by default.
If you really need SuiteB in government deployments on WLAN level, it may be best to contact our Federal team.
It appears that the new WPA3 standard includes stronger ciphers as part of many other security improvements.