-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 The Libreswan Project has released libreswan-3.26 This is a feature release with some minor bugfixes New Features: * Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 * Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 * Support for CHACHA20POLY1305 for IKE and ESP Bugfixes: * Fix optional key-length regression (in v3.25) with ESP proposal * Be lenient with DH components in ESP when pfs=no * Don't do bogus XAUTH message padding * Fix traffic selector lookup for asymmetric conns You can download libreswan via https at: https: //download.libreswan.org/libreswan-3.26.tar.gz https: //download.libreswan.org/libreswan-3.26.tar.gz.asc The full changelog is available at: https: //download.libreswan.org/CHANGES Please report bugs either via one of the mailinglists or at our bug tracker: https: //lists.libreswan.org/ https: //bugs.libreswan.org/ Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at https: //download.libreswan.org/binaries/ Binary packages for Fedora and Debian should be available in their respective repositories a few days after this release. See also https://libreswan.org/ v3.26 (September 16, 2018) * IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad] * IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad] * IKEv2: Use DER handling code of NSS instead of our custom code [Andrew] * IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew] * IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul] * IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew] * IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh] * IKEv2: Simplify proposal generating [Hugh] * IKEv1: Fix handling XAUTH empty passwords [Andrew] * IKEv1: Fix XAUTH message padding [Hugh] * IKEv1: Various code cleanup, next payload handling [Hugh] * IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew] * IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul] * pluto: Relax strictness of DH in ESP/AH proposals [Andrew] * pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul] * pluto: Do not hand out old lease address for authby=secret conns [Paul] * pluto: new --selftest option that exits pluto after startup tests [Paul] * pluto: Updated known Vendor ID table [Paul] * XFRM: Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew] *_unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul] * building: Fix listed patches for debian build [Paul] * building: enable DH31 (curve25519) per default [Paul] * testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul] * Bugtracker bugs fixed: #166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJbnyw4AAoJEIX/S0OzD8b5bsEP/Rb6SXkqFzW0N9o8pnurNwSl LVDF2c3GwjGs0jHSvTlf5wKK5PTgDX18OxXb31rcQeivGLgv6wlgCynmqYiVxVMZ gm7mjulC15PEI+DvGztRCDvYGBVMFr+lqVHYV8f25/InB0JW0bHE84TJRrudY9mV xQBuyFHfv8eCHpYmjEz90wTHe6+9iXJPRlKcFZDxzZgLySgSlrVwnJ9Q32xrNrbC WYBM4QjVAqgb4gLf7tOv7regMVP//YPaf1Xc9rbqYi6abdW4oNy8zS8N1ZkEYbo1 Ek7O8fcOeol5cSiF//G8z3gEZILlzFn1if3NQW0BrTiF2XQ7Z7tUUBpI9vCyH4Pw 5vOeaqrLUY4MZivxBdRiKYlZeBIdO+vT0VOpiyngjt6JS7MD72dHn4Tf+6rz9vbV LyPeHVb+6JizqxJByI32Bn6O68u3uZ56VyJp8ATKLw51ii9IsMg+nwnS/DiSNgyp irYNxYnRb5rChcP5qpLKsuB4kbGIu0ZTu1/e9cuvcYYNl/HSBcGyWpEuSbwJFL22 rskDEdCe9hhO0lcDFLZKljz6w4KkBS771kAP4J+XbIsoElHUjeiMU5oKDx+tsPZR EE3vnv/58Mr6w8qNtCYE/sdoghRbCFHgyj0rOHV8Fr9V26RHNX8TQS5k80oVRzfj kTmUHI2DQog0VqJ9LJi6 =MALs -----END PGP SIGNATURE----- _______________________________________________ Swan-announce mailing list swan-annou...@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-announce _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev