[Announce] ANNOUNCE: strongswan-2.8.3 released

Andreas Steffen andreas.steffen at strongswan.org
Thu Feb 22 11:28:10 CET 2007 

Hi,

the lastest 2.8.3 release is available from

   http://www.strongswan.org/

We fixed a recently discovered bug in the computation of the
SHA-512-HMAC function used for IKE. We also added the SHA-384 hash
and HMAC functions and created a matching UML scenario:

   http://www.strongswan.org/uml/testresults2/ike-alg-sha2_384/

In order to prevent such bugs in the future we now execute
automatic testvector-based self-tests of all hash functions
(MD5, SHA-1, SHA-2) during pluto startup. Currently only a warning
is issued in the case of a test failure but in a future release the
corresponding crypto functions will be automatically removed.

   moon pluto[8086]: Testing registered IKE hash algorithms:
   moon pluto[8086]:   OAKLEY_MD5 hash self-test passed
   moon pluto[8086]:   OAKLEY_MD5 hmac self-test passed
   moon pluto[8086]:   OAKLEY_SHA hash self-test passed
   moon pluto[8086]:   OAKLEY_SHA hmac self-test passed
   moon pluto[8086]:   OAKLEY_SHA2_256 hash self-test passed
   moon pluto[8086]:   OAKLEY_SHA2_256 hmac self-test passed
   moon pluto[8086]:   OAKLEY_SHA2_384 hash self-test passed
   moon pluto[8086]:   OAKLEY_SHA2_384 hmac self-test passed
   moon pluto[8086]:   OAKLEY_SHA2_512 hash self-test passed
   moon pluto[8086]:   OAKLEY_SHA2_512 hmac self-test passed
   moon pluto[8086]: All crypto self-tests passed

SHA-2 signatures are now supported in X.509 certificates. You can use 
openssl-0.9.8 to generate these stronger certificates for use with 
strongSwan. The following UML scenarios uses X.509 certificates with
a SHA-256, SHA-384, and SHA-512 signature.

  http://www.strongswan.org/uml/testresults2/strong-certs/

Best regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3417 bytes
Desc: S/MIME Cryptographic Signature
Url : https://lists.strongswan.org/pipermail/announce/attachments/20070222/51616972/attachment.bin

More information about the Announce mailing list