NEWS: Add news for 5.9.10

Tobias Brunner 2023-02-24 16:03:07 +01:00
parent 8e9b2bd27f
commit d605584a7a
2 changed files with 39 additions and 5 deletions

NEWS

@ -1,3 +1,37 @@
strongswan-5.9.10
-----------------
- Added support for full packet hardware offload for IPsec SAs and policies with
Linux 6.2 kernels to the kernel-netlink plugin.
- TLS-based EAP methods now use the standardized key derivation when used
with TLS 1.3.
- The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by
implementing the "protected success indication".
- With the `prefer` value for the `childless` setting, initiators will create
a childless IKE_SA if the responder supports the extension.
- Routes via XFRM interfaces can optionally be installed automatically by
enabling the `install_routes_xfrmi` option of the kernel-netlink plugin.
- charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid
issues with name resolution if they are supported by the kernel.
- The `pki --req` command can encode extendedKeyUsage (EKU) flags in the
PKCS#10 certificate signing request.
- The `pki --issue` command adopts EKU flags from CSRs but allows modifying them
(replace them completely, or adding/removing specific flags).
- On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the
IPsec SAs instead of the policies.
- For libcurl with MultiSSL support, the curl plugin provides an option to
select the SSL/TLS backend.
strongswan-5.9.9
----------------


@ -32,11 +32,11 @@ charon.plugins.kernel-netlink.install_routes_xfrmi = no
Whether to install routes for SAs that reference XFRM interfaces.
Whether routes via XFRM interfaces are automatically installed for SAs that
reference such an interface via _if_id_. If the traffic selectors include
the IKE traffic to the peer, this requires special care (e.g. installing
bypass policies and/or routes, or setting a mark on the IKE socket and
excluding such packets from the configured routing table via _fwmark_
option).
reference such an interface via _if_id_out_. If the traffic selectors
include the IKE traffic to the peer, this requires special care (e.g.
installing bypass policies and/or routes, or setting a mark on the IKE
socket and excluding such packets from the configured routing table via
_fwmark_ option).
charon.plugins.kernel-netlink.mss = 0
MSS to set on installed routes, 0 to disable.
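Review bot: The change from `_if_id_` to `_if_id_out_` in the `install_routes_xfrmi` description is a documentation correction that the subject line "NEWS: Add news for 5.9.10" does not cover; either mention it in the commit message or split it into its own commit so it can be found later. While the paragraph is being rewrapped anyway, "via _fwmark_ option" is missing its article ("via the _fwmark_ option"), and the "requires special care" sentence lists workarounds without saying what goes wrong if none is applied; one clause naming the failure would help operators judge whether enabling the option is safe for their traffic selectors.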