[Announce] ANNOUNCE: strongswan-4.3.2 released

Andreas Steffen andreas.steffen at strongswan.org
Mon Jun 22 10:46:06 CEST 2009 

Hello,

we are happy to announce the release of strongSwan 4.3.2, our
LinuxTag 2009 edition offering the following new features:

* Support of the GNU Libgcrypt library
  ------------------------------------

  The new gcrypt plugin provides symmetric cipher, hasher, RNG,
  Diffie-Hellman and RSA crypto primitives using the LGPL licensed
  GNU gcrypt library. Here are some sample scenarios:

  http://www.strongswan.org/uml/testresults43/gcrypt-ikev2/index.html

  Thus a third alternative to the built-in crypto primitives using
  the GNU Multi-Precision library (GMP) and the OpenSSL crypto library
  has been made available. The following link shows a comparison of DH,
  RSA, and ECDSA public key speed performance:

     http://wiki.strongswan.org/wiki/strongswan/PublicKeySpeed

  Clearly the GMP library shows the best performance, closely
  followed by OpenSSL whereas Libgcrypt is considerably slower.

* Self-test of crypto algorithms
  ------------------------------

  libstrongswan features an integrated crypto self-test framework for
  registered algorithms. The test-vector plugin (--enable-test-vectors)
  provides a first set of test vectors and allows pluto and charon to
  rely on tested crypto algorithms. Here is a sample self-test output:

http://www.strongswan.org/uml/testresults43/openssl-ikev2/rw-cert/moon.daemon.log

  In order to activate the self-tests during startup, add the following
  lines to strongswan.conf:

  libstrongswan {
      crypto_test {
          on_add = yes
      }
  }

* IKEv1 pluto daemon supports ECP DH groups and ECDSA signatures
  --------------------------------------------------------------

  Thanks to the use of the openssl plugin, the ECP Diffie-Hellman groups
  19, 20, 21, 25, and 26 as well as ECDSA-256, ECDSA-384, and ECDSA-521
  authentication can be used with IKEv1.

   IKEv1 ECP DH group scenario:

http://www.strongswan.org/uml/testresults43/openssl-ikev1/alg-ecp-high/

  IKEv1 ECDSA signature scenario:

http://www.strongswan.org/uml/testresults43/openssl-ikev1/ecdsa-certs/

Best regards

Andreas Steffen & Martin Willi

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Announce mailing list