Hi,

strongswan-4.3.3 is out and offers two new features:

Optional Integrity Checksum Tests
---------------------------------

The configuration option --enable-integrity-test plus the
strongswan.conf option libstrongswan.integrity_test=yes activate
integrity tests of the IKE daemons charon and pluto, libstrongswan
and all loaded plugins. Thus dynamic library misconfigurations and
non-malicious file manipulations can be reliably detected. More
details can be found under the following wiki link:

http://wiki.strongswan.org/wiki/strongswan/IntegrityTest

All our rw-cert UML test scenarios are run with enabled integrity
and crypto tests, e.g.

http://www.strongswan.org/uml/testresults43/ikev1/rw-cert/moon.auth.log
http://www.strongswan.org/uml/testresults43/ikev2/rw-cert/moon.daemon.log

IKEv1 Suite B Interoperability with MS Windows
----------------------------------------------

The new default setting libstrongswan.ecp_x_coordinate_only=yes
allows IKEv1 interoperability with MS Windows using the ECP DH
groups 19 and 20. Additionally the IKEv1 pluto daemon now supports
the AES-CCM and AES-GCM ESP authenticated encryption algorithms.
Together with ECDSA signatures the strongSwan IKEv1 functionality is
now compliant with Suite B defined by RFC 4869.

http://tools.ietf.org/html/rfc4869

Still missing is AES-GMAC support by the Linux kernel (the crypto
code is there somewhere but the XFRM interface isn't [yet]).

Anyway, using ECP DH groups, ECDSA certificates and AES-GCM ESP
authenticated encryption we did a couple of successful
interoperability tests with the IPsec functionality of the
Windows 7/Vista/Server 2008 Advanced Firewall:

http://wiki.strongswan.org/wiki/strongswan/WindowsSuiteB

Security Update
---------------

The RDN parser vulnerability discovered by Orange Labs research team
two months ago was not completely fixed by version 4.3.2. Some more
modifications had to be applied to the asn1_length() function to
make it robust.
Patches for older versions are available under the link

http://download.strongswan.org/patches/07_asn1_length_patch/

Best regards

Andreas Steffen                     Martin Willi
strongSwan Project Leader           IKEv2 Software Architect

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
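
The Security Update note above concerns the robustness of asn1_length(). As an added illustration that is not part of the announcement and is not strongSwan's code, the hypothetical der_length() helper below shows the bounds checks an ASN.1 length decoder needs before a caller trusts the decoded length. The function name, return convention and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not strongSwan's asn1_length()): decode the
 * definite-form length field of the ASN.1 element at buf[0..buf_len).
 * Returns 0 and sets *hdr_len (tag + length octets) and *content_len;
 * returns -1 on any inconsistency. Single-octet tags only. */
int der_length(const uint8_t *buf, size_t buf_len,
               size_t *hdr_len, size_t *content_len)
{
    size_t len, hdr = 2, n, i;

    if (buf == NULL || buf_len < 2)   /* need tag + first length octet */
        return -1;
    len = buf[1];
    if (len & 0x80) {                 /* long form: low 7 bits = octet count */
        n = len & 0x7f;
        if (n == 0 || n > 4)          /* indefinite form or oversized count */
            return -1;
        if (buf_len - 2 < n)          /* length octets must be in the buffer */
            return -1;
        len = 0;
        for (i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        hdr += n;
    }
    if (len > buf_len - hdr)          /* content must fit in what remains */
        return -1;
    *hdr_len = hdr;
    *content_len = len;
    return 0;
}

/* Constructed samples: valid, content length overstated, length octets cut. */
static const uint8_t SAMPLE_OK[]    = { 0x0c, 0x02, 'C', 'H' };
static const uint8_t SAMPLE_LYING[] = { 0x0c, 0x7f, 'C', 'H' };
static const uint8_t SAMPLE_CUT[]   = { 0x30, 0x82, 0x01 };

int main(void)
{
    size_t h = 0, c = 0;

    printf("ok:    %d\n", der_length(SAMPLE_OK, sizeof SAMPLE_OK, &h, &c));
    printf("lying: %d\n", der_length(SAMPLE_LYING, sizeof SAMPLE_LYING, &h, &c));
    printf("cut:   %d\n", der_length(SAMPLE_CUT, sizeof SAMPLE_CUT, &h, &c));
    return 0;
}
```

Callers should advance by hdr_len + content_len only after a return value of 0, so a malformed RDN is rejected instead of being read past the end of the buffer.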