[strongSwan-dev] ANNOUNCE: strongswan-5.2.2rc1 released

Andreas Steffen andreas.steffen at strongswan.org
Sun Dec 14 14:56:56 CET 2014


we are proud to announce the first Release Candidate of the forthcoming
strongSwan 5.2.2 release.

* Post-quantum Bimodal Lattice Signature Scheme (BLISS)

  The biggest news is the availability of BLISS as an alternative
  next generation public key authentication method in IKEv2
  connections. Together with the NTRU Encryption based IKE key exchange
  methods released with strongSwan 5.1.2 at the beginning of this
  year it has now become possible to set up IPsec connections with
  either 128 bit or 192 bit cryptographic strength that are resistant
  against attacks by quantum computers.

  The following IKEv2 remote access scenario shows the BLISS/NTRU
  combination at work:


  The strongSwan *pki* tool fully supports the generation of BLISS-based
  key pairs, certificates and CRLs. For details have a look at our


* Explicit type prefixes for left|rightid

  The left/rightid options in ipsec.conf, or any other identity in
  strongSwan, now accept prefixes to enforce an explicit type, such as
  email: or fqdn:. Note that no conversion is done for the remaining
  string. Refer to ipsec.conf(5) for details.

* Correct mapping of AH integrity algorithms with IKEv1

  We fixed mapping of the integrity algorithms negotiated for AH
  via IKEv1. This could cause interoperability issues when connecting
  to older versions of charon.

Please test the release candidate an give us feedback on any issues

Best regards


Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Dev mailing list