[Announce] ANNOUNCE: strongswan-4.6.2 released

Andreas Steffen andreas.steffen at strongswan.org
Tue Feb 21 04:25:32 CET 2012


we are proud to present strongSwan 4.6.2, offering the following new

Trusted Network Connect

- HSR master student Sansar Choinyambuu fully implemented the "TCG
  Attestation Platform Trust Service (PTS) Protocol: Binding to IF-M"
  standard (TLV-based messages only), making trustworthy remote
  attestation based on a Trusted Platform Module (TPM) of the Linux
  Integrity Measurement Architecture (IMA) or Intel TBOOT possible.


  Measurement reference values are automatically stored in an SQLite
  database that can be managed using the new ipsec attest command line

  * PTS Integrity Measurement Collector:


  * PTS Integrity Measurement Verifier:


- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
  which supports IF-TNCCS 2.0 long message types, the exclusive flag
  and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
  the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.


  Overview on strongSwan's support of the TCG TNC/IETF NEA Framework:


RADIUS Accounting

- The EAP-RADIUS authentication backend supports RADIUS accounting.
  It sends start/stop messages containing Username, Framed-IP and
  Input/Output-Octets attributes and has been tested against FreeRADIUS
  and Microsoft NPS.


  Tue Feb  7 16:32:21 2012
	Acct-Status-Type = Start
	Acct-Session-Id = "1328628738-1"
	User-Name = "carol"
	NAS-Port-Type = Virtual
	NAS-Identifier = "strongSwan"
	NAS-IP-Address =
	Acct-Unique-Session-Id = "385526c5638de88a"
	Timestamp = 1328628741
	Request-Authenticator = Verified

  Tue Feb  7 16:32:29 2012
	Acct-Status-Type = Stop
	Acct-Session-Id = "1328628738-1"
	User-Name = "carol"
	Acct-Output-Octets = 7100
	Acct-Input-Octets = 7100
	Acct-Session-Time = 8
	NAS-Port-Type = Virtual
	NAS-Identifier = "strongSwan"
	NAS-IP-Address =
	Acct-Unique-Session-Id = "385526c5638de88a"
	Timestamp = 1328628749
	Request-Authenticator = Verified

PKCS#8 Encoded Private Keys

- Added support for PKCS#8 encoded private keys via the libstrongswan
  pkcs8 plugin.  This is the default format used by some OpenSSL tools
  since version 1.0.0 (e.g. openssl req with -keyout).



TLS Session Resumption

- Added session resumption support to the strongSwan TLS stack.

Please report any issues with the new release!

Best regards

Tobias Brunner, Andreas Steffen, Martin Willi

The strongSwan Team

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list