[strongSwan] ANNOUNCE: strongswan-5.2.2rc1 released
Andreas Steffen
andreas.steffen at strongswan.org
Sun Dec 14 14:56:56 CET 2014
Hello,
we are proud to announce the first Release Candidate of the forthcoming
strongSwan 5.2.2 release.
* Post-quantum Bimodal Lattice Signature Scheme (BLISS)
The biggest news is the availability of BLISS as an alternative
next generation public key authentication method in IKEv2
connections. Together with the NTRU Encryption based IKE key exchange
methods released with strongSwan 5.1.2 at the beginning of this
year it has now become possible to set up IPsec connections with
either 128 bit or 192 bit cryptographic strength that are resistant
against attacks by quantum computers.
The following IKEv2 remote access scenario shows the BLISS/NTRU
combination at work:
http://www.strongswan.org/uml/testresults5rc/ikev2/rw-ntru-bliss/
The strongSwan *pki* tool fully supports the generation of BLISS-based
key pairs, certificates and CRLs. For details have a look at our
BLISS HOWTO:
https://wiki.strongswan.org/projects/strongswan/wiki/Bliss
* Explicit type prefixes for left|rightid
The left/rightid options in ipsec.conf, or any other identity in
strongSwan, now accept prefixes to enforce an explicit type, such as
email: or fqdn:. Note that no conversion is done for the remaining
string. Refer to ipsec.conf(5) for details.
* Correct mapping of AH integrity algorithms with IKEv1
We fixed mapping of the integrity algorithms negotiated for AH
via IKEv1. This could cause interoperability issues when connecting
to older versions of charon.
Please test the release candidate an give us feedback on any issues
encountered.
Best regards
Andreas
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list