@Javert 

Check the router in that is it not using WPA2-TKIP+AES, but only AES. Default the extender, and set up the extender through the web browser. If you are still seeing the not secured message, follow up with our support team.

@Javert I don't think your device supports AES. I'm pretty sure mine does not, and I've gone through configurations and made sure I have the latest firmware. (TL-WA855RE is what I have).

See: https://community.tp-link.com/us/home/forum/topic/230806 (no solution, just more info).

@Javert 

Well the router is set to AES only.  

The router is an Asus and it has options:

Authentication method

WPA Encryption.

The authentication method is set to "WPA2-Personal".

The WPA encryption method is set to AES, which is the only option.

If I changed the authentication method to "WPA2-Auto", I then have the option to select "TKIP+AES" as the entryption method,  but I have not done that.

However, I still get the warning "weak security" on IO devices if I conect to the range extender network name.

Unless the router is not working as advertised, I guess the range extender must be communicating with the router with AES, but my IOS device seems to believe that the connection from the extender to the device is using TKIP.  

I will try to reset it to factory settings and set it up again through web browser, but this is I think what I already did the first time around.