Projects / strongSwan / Releases

All releases of strongSwan

  •  30 Apr 2013 13:36
Avatar

    Release Notes: This release fixes a severe security vulnerability (CVE-2013-2944) that existed in all versions 4.3.5 through 5.0.3. If the strongSwan "openssl" plugin was used for ECDSA signature verification, an empty, zeroed, or otherwise invalid signature was handled as a legitimate one.

    •  12 Feb 2013 09:09
    Avatar

      Release Notes: The strongSwan Trusted Network Connect functionality supports all IETF Standard PA-TNC attributes and a new OS IMC/IMV pair using these attributes to transfer Linux or Android operating system information. Interoperability with Windows XP has been improved by supporting PKCS#7 certificate containers and legacy NAT traversal protocols. The test framework has been migrated from User Mode Linux to KVM, making it faster and more robust.

      •  04 Oct 2012 15:04
      Avatar

        Release Notes: The leftsourceip option now accepts a comma separated combination of %config4, %config6, or fixed IP addresses to request from the responder. Likewise, the rightsourceip option accepts multiple explicitly specified or referenced named address pools. TPM-based remote attestation has been extended to verify the complete measurements done by the Linux Integrity Measurement Architecture (IMA). Reference hash values of up to 10'000 Linux system files are stored in an SQLite database.

        •  02 Jul 2012 05:11
        Avatar

          Release Notes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.

          •  02 May 2012 07:38
          Avatar

            Release Notes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.

            •  21 Feb 2012 03:01
            Avatar

              Release Notes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.

              •  10 Nov 2011 12:12
              Avatar

                Release Notes: Because Ubuntu 11.10 activated the --as-needed ld option that discards included links to dynamic libraries that are not actually used by the charon daemon itself, the loading of plugins depending on external symbols provided by the libsimaka, libtls, or libtnccs libraries failed. As a fix, the plugins include the required libraries directly, and due to relinking during the installation, the approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phase.

                •  07 Nov 2011 06:28
                Avatar

                  Release Notes: The libstrongswan plugin system now supports detailed plugin dependencies. Many plugins have been extended to export their capabilities and requirements. This allows the plugin loader to resolve the plugin loading order automatically, The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards. The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.

                  •  03 Aug 2011 12:48
                  Avatar

                    Release Notes: The IKEv2 charon daemon allows one to define PASS and DROP shunt policies that, for example, prevent local traffic from going through IPsec connections or except certain protocols from IPsec encryption. A new IMC/IMV Scanner pair implements the RFC 5792 PA-TNC protocol. The Integrity Measurement Collector uses netstat to scan for open listening ports on the TNC client and sends a port list to the Integrity Measurement Verifier atttached to the TNC Server, which decides whether the client is admitted to the network based on a configurable port policy.

                    •  25 May 2011 09:48
                    Avatar

                      Release Notes: The IKEv2 daemon supports negotiation of Extended Sequence Numbers (ESN) in conjunction with the Linux 2.6.39 kernel. The whitelist plugin allows whitelisting of users with X.509 certificate credentials. The eap-sim-pcsc plugin implements a pcsc-lite based SIM card backend.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.