--- embedaddon/strongswan/NEWS 2020/06/03 09:46:43 1.1.1.1 +++ embedaddon/strongswan/NEWS 2021/03/17 00:20:08 1.1.1.2 @@ -1,3 +1,144 @@ +strongswan-5.9.2 +---------------- + +- Together with a Linux 5.8 kernel supporting the IMA measurement of the GRUB + bootloader and the Linux kernel, the strongSwan Attestation IMC allows to do + remote attestation of the complete boot phase. A recent TPM 2.0 device with a + SHA-256 PCR bank is required, so that both BIOS and IMA file measurements are + based on SHA-256 hashes. + +- Our own TLS library (libtls) that we use for TLS-based EAP methods and PT-TLS + gained experimental support for TLS 1.3. Thanks to Méline Sieber (client) and + Pascal Knecht (client and server) for their work on this. + Because the use of TLS 1.3 with these EAP methods is not yet standardized (two + Internet-Drafts are being worked on), the default maximum version is currently + set to TLS 1.2, which is now also the default minimum version. However the TNC + test scenarios using PT-TLS transport already use TLS 1.3. + +- Other improvements for libtls also affect older TLS versions. For instance, we + added support for ECDH with Curve25519/448 (DH groups may also be configured + now), for EdDSA keys and certificates and for RSA-PSS signatures. Support for + old and weak cipher suites has been removed (e.g. with 3DES and MD5) as well + as signature schemes with SHA-1. + +- The listener_t::ike_update event is now also called for MOBIKE updates. Its + signature has changed so we only have to call it once if both addresses/ports + have changed (e.g. for an address family switch). The event is now also + exposed via vici. + +- The farp plugin has been ported to macOS and FreeBSD. Thanks to Dan James for + working on this. + +- To fix DNS server installation with systemd-resolved, charon-nm now creates a + dummy TUN device again (was removed with 5.5.1). + +- The botan plugin can use rng_t implementations provided by other plugins when + generating keys etc. if the Botan library supports it. + +- charon-tkm now supports multiple CAs and is configured via vici/swanctl. + +- Simple glob patterns (e.g. include conf.d/*.conf) now also work on Windows. + Handling of forward slashes in paths on Windows has also been improved. + +- The abbreviations for the 'surname' and 'serial number' RDNs in ASN.1 DNs have + been changed to align with RFC 4519: The abbreviation for 'surname' is now + "SN" (was "S" before), which was previously used for 'serial number' that can + now be specified as "serialNumber" only. + +- An issue with Windows clients requesting previous IPv6 but not IPv4 virtual + IP addresses has been fixed. + +- ike_sa_manager_t: Checking out IKE_SAs by config is now atomic (e.g. when + acquires for different children of the same connection arrive concurrently). + The checkout_new() method has been renamed to create_new(). A new + checkout_new() method allows registering a new IKE_SA with the manager before + checking it in, so jobs can be queued without losing them as they can block + on checking out the new SA. + + +strongswan-5.9.1 +---------------- + +- Remote attestation via TNC supports the SHA-256 based TPM 2.0 BIOS/EFI + measurements introduced with the Linux 5.4 kernel. + +- Nonces in OCSP responses are not enforced anymore and only validated if a + nonce is actually contained. + +- Fixed an issue when only some fragments of a retransmitted IKEv2 message were + received, which prevented processing a following fragmented message. + +- All queued vici messages are now sent to subscribed clients during shutdown, + which includes ike/child-updown events triggered when all SAs are deleted. + +- CHILD_SA IP addresses are updated before installation to allow MOBIKE updates + while retransmitting a CREATE_CHILD_SA request. + +- When looking for a route to the peer, the kernel-netlink plugin ignores the + current source address if it's deprecated. + +- The file and syslog loggers support logging the log level of each message + after the subsystem (e.g. [IKE2]). + +- charon-nm is now properly terminated during system shutdown. + +- Improved support for EdDSA keys in vici/swanctl, in particular, encrypted + keys are now supported. + +- A new global strongswan.conf option allows sending the Cisco FlexVPN vendor ID + to prevent Cisco devices from narrowing a 0.0.0.0/0 traffic selector. + +- The openssl plugin accepts CRLs issued by non-CA certificates if they contain + the cRLSign keyUsage flag (the x509 plugin already does this since 4.5.1). + +- Attributes in PKCS#7 containers, as used in SCEP, are now properly + DER-encoded, i.e. sorted. + +- The load-tester plugin now supports virtual IPv6 addresses and IPv6 source + address pools. + + +strongswan-5.9.0 +---------------- + +- We prefer AEAD algorithms for ESP and therefore put AES-GCM in a default AEAD + proposal in front of the previous default proposal. + +- The NM backend now clears cached credentials when disconnecting, has DPD and + and close action set to restart, and supports custom remote TS via 'remote-ts' + option (no GUI support). + +- The pkcs11 plugin falls back to software hashing for PKCS#1v1.5 RSA signatures + if mechanisms with hashing (e.g. CKM_SHA256_RSA_PKCS) are not supported. + +- The owner/group of log files is now set so the daemon can reopen them if the + config is reloaded and it doesn't run as root. + +- The wolfssl plugin (with wolfSSL 4.4.0+) supports x448 DH and Ed448 keys. + +- The vici plugin stores all CA certificates in one location, which avoids + issues with unloading authority sections or clearing all credentials. + +- When unloading a vici connection with start_action=start, any related IKE_SAs + without children are now terminated (including those in CONNECTING state). + +- The hashtable implementation has been changed so it maintains insertion order. + This was mainly done so the vici plugin can store its connections in a + hashtable, which makes managing high numbers of connections faster. + +- The default maximum size for vici messages (512 KiB) can now be changed via + VICI_MESSAGE_SIZE_MAX compile option. + +- The charon.check_current_path option allows forcing a DPD exchange to check if + the current path still works whenever interface/address-changes are detected. + +- It's possible to use clocks other than CLOCK_MONOTONIC (e.g. CLOCK_BOOTTIME) + via TIME_CLOCK_ID compile option if clock_gettime() is available and + pthread_condattr_setclock() supports that clock. + +- Test cases and functions can now be filtered when running the unit tests. + + strongswan-5.8.4 ----------------