[strongSwan] Full SHA-2 IPsec support with strongSwan 4.3.6 and Linux kernel 2.6.33

Andreas Steffen andreas.steffen at strongswan.org
Sun Feb 28 19:49:26 CET 2010


Hi,

the Linux kernel 2.6.33 containing Martin Willi's SHA-2 ESP patch
making the SHA256 HMAC truncation length compliant with RFC 4868
and adding SHA384 and SHA512 HMAC support was released last week
on February 24, 2010.

strongSwan 4.3.6 is now able to correctly configure SHA-2 based
IPsec data integrity in the Linux 2.6.33 kernel via either the IKEv1
or IKEv2 protocols without the need to apply any kernel patches.
Example scenarios are available under the link

  http://www.strongswan.org/uml/testresults43/

Thus we hope to see strongSwan 4.3.6 in all Linux distributions
running under a 2.6.33 kernel :-)

Best regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list