strongSwan - Design by Margo Galas <galas (at) solnet (dot) ch>

Main Sponsors

secunet

secunet

revosec

Hochschule für Technik Rapperswil

strongSwan 5.3.3 Released

We are happy to announce the release of strongSwan 5.3.3, which brings support for the ChaCha20/Poly1305 AEAD cipher, configuration of auxiliary CA information such as CRL and OCSP URIs via VICI, and adds numerous other new features and fixes.


Support for the ChaCha20/Poly1305 AEAD Cipher

The ChaCha20/Poly1305 AEAD cipher specified in RFC 7539 and RFC 7634 is supported and may be configured using the chacha20poly1305 ike/esp proposal keyword. The new chapoly plugin implements the cipher, if possible SSE-accelerated on x86/x64 architectures. It is usable both in IKEv2 and the strongSwan libipsec ESP backend. On Linux 4.2 or newer the kernel-netlink plugin can configure the cipher for ESP SAs as demonstrated in the ikev2/alg-chacha20poly1305 test scenario.

Auxiliary Certification Authority (CA) Information via VICI/swanctl

The vici/swanctl interface now supports the configuration of auxiliary certification authority information such as CRL and OCSP URIs. An example is provided in the swanctl/multi-level-ca scenario.

auto=route with right=%any for Transport Mode Connections

Support for auto=route  with right=%any for transport mode connections has been added. This simplifies configuration of fully-meshed host-to-host connections. More details and examples are provided in issue #196 and the ikev2/trap-any scenario.

BLISS Signature Changes

In the bliss plugin the c_indices derivation using a SHA-512 based random oracle has been fixed, generalized and standardized by employing the MGF1 mask generation function with SHA-512. As a consequence BLISS signatures using the improved oracle are not compatible with the earlier implementation.

Other Notable Changes

  • The starter daemon does not flush IPsec policies and SAs anymore when stopped.
  • Symmetric configuration of EAP methods in left|rightauth is possible when mutual EAP-only authentication is used.
  • The initiator flag in the IKEv2 header is compared again, packets that have the flag set incorrectly are ignored.
  • Matching one of multiple CA certificates set in swanctl.conf (connections.<conn>.remote<suffix>.cacerts) is now enough.
  • Refer to the changelog for a list of other changes and fixes.

Download it from here - a more extensive changelog can be found on our wiki.