[Announce] ANNOUNCE: strongswan-4.3.2 released

Andreas Steffen andreas.steffen at strongswan.org
Mon Jun 22 10:46:06 CEST 2009


we are happy to announce the release of strongSwan 4.3.2, our
LinuxTag 2009 edition offering the following new features:

* Support of the GNU Libgcrypt library

  The new gcrypt plugin provides symmetric cipher, hasher, RNG,
  Diffie-Hellman and RSA crypto primitives using the LGPL licensed
  GNU gcrypt library. Here are some sample scenarios:


  Thus a third alternative to the built-in crypto primitives using
  the GNU Multi-Precision library (GMP) and the OpenSSL crypto library
  has been made available. The following link shows a comparison of DH,
  RSA, and ECDSA public key speed performance:


  Clearly the GMP library shows the best performance, closely
  followed by OpenSSL whereas Libgcrypt is considerably slower.

* Self-test of crypto algorithms

  libstrongswan features an integrated crypto self-test framework for
  registered algorithms. The test-vector plugin (--enable-test-vectors)
  provides a first set of test vectors and allows pluto and charon to
  rely on tested crypto algorithms. Here is a sample self-test output:


  In order to activate the self-tests during startup, add the following
  lines to strongswan.conf:

  libstrongswan {
      crypto_test {
          on_add = yes

* IKEv1 pluto daemon supports ECP DH groups and ECDSA signatures

  Thanks to the use of the openssl plugin, the ECP Diffie-Hellman groups
  19, 20, 21, 25, and 26 as well as ECDSA-256, ECDSA-384, and ECDSA-521
  authentication can be used with IKEv1.

   IKEv1 ECP DH group scenario:


  IKEv1 ECDSA signature scenario:


Best regards

Andreas Steffen & Martin Willi

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list