[Announce] ANNOUNCE: strongswan-4.3.3 released

Andreas Steffen andreas.steffen at strongswan.org
Thu Jul 23 14:28:15 CEST 2009


strongswan-4.3.3 is out and offers two new features:

Optional Integrity Checksum Tests

The configuration option --enable-integrity-test plus the
strongswan.conf option libstrongswan.integrity_test=yes activate
integrity tests of the IKE daemons charon and pluto, libstrongswan
and all loaded plugins. Thus dynamic library misconfigurations and
non-malicious file manipulations can be reliably detected.  More
details can be found under the following wiki link:


All our rw-cert UML test scenarios are run with enabled integrity
and crypto tests, e.g.



IKEv1 Suite B Interoperability with MS Windows

The new default setting libstrongswan.ecp_x_coordinate_only=yes allows
IKEv1 interoperability with MS Windows using the ECP DH groups 19 and
20. Additionally the IKEv1 pluto daemon now supports the AES-CCM and
AES-GCM ESP authenticated encryption algorithms. Together with ECDSA
signatures the strongSwan IKEv1 functionality is now compliant with
Suite B defined by RFC 4869.


Still missing is AES-GMAC support by the Linux kernel (the crypto code
is there somewhere but the XFRM interface isn't [yet]). Anyway, using
ECP DH groups, ECDSA certificates and AES-GCM ESP authenticated
encryption we did a couple of successful interoperability tests with
the IPsec functionality of the Windows 7/Vista/Server 2008 Advanced


Security Update

The RDN parser vulnerability discovered by Orange Labs research team
two months ago was not completely fixed by version 4.3.2. Some more
modifications had to be applied to the asn1_length() function to make
it robust. Patches for older versions are available under the link


Best regards

Andreas Steffen              Martin Willi
strongSwan Project Leader    IKEv2 Software Architect

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list