We are happy to announce the release of strongSwan 5.3.3, which brings support for the ChaCha20/Poly1305 AEAD cipher, configuration of auxiliary CA information such as CRL and OCSP URIs via VICI, and adds numerous other new features and fixes.
Support for the ChaCha20/Poly1305 AEAD Cipher
The ChaCha20/Poly1305 AEAD cipher specified in RFC 7539 and RFC 7634 is supported and may be configured using the chacha20poly1305 ike/esp proposal keyword. The new chapoly plugin implements the cipher, if possible SSE-accelerated on x86/x64 architectures. It is usable both in IKEv2 and the strongSwan libipsec ESP backend. On Linux 4.2 or newer the kernel-netlink plugin can configure the cipher for ESP SAs as demonstrated in the ikev2/alg-chacha20poly1305 test scenario.
Auxiliary Certification Authority (CA) Information via VICI/swanctl
auto=route with right=%any for Transport Mode Connections
Support for auto=route with right=%any for transport mode connections has been added. This simplifies configuration of fully-meshed host-to-host connections. More details and examples are provided in issue #196 and the ikev2/trap-any scenario.
BLISS Signature Changes
In the bliss plugin the c_indices derivation using a SHA-512 based random oracle has been fixed, generalized and standardized by employing the MGF1 mask generation function with SHA-512. As a consequence BLISS signatures using the improved oracle are not compatible with the earlier implementation.
Other Notable Changes
- The starter daemon does not flush IPsec policies and SAs anymore when stopped.
- Symmetric configuration of EAP methods in left|rightauth is possible when mutual EAP-only authentication is used.
- The initiator flag in the IKEv2 header is compared again, packets that have the flag set incorrectly are ignored.
- Matching one of multiple CA certificates set in swanctl.conf (connections.<conn>.remote<suffix>.cacerts) is now enough.
- Refer to the changelog for a list of other changes and fixes.