NEWS: Add news for 5.9.10

Tobias Brunner 2023-02-24 16:03:07 +01:00
parent 8e9b2bd27f
commit d605584a7a
2 changed files with 39 additions and 5 deletions

NEWS

@ -1,3 +1,37 @@
strongswan-5.9.10
-----------------
- Added support for full packet hardware offload for IPsec SAs and policies with
Linux 6.2 kernels to the kernel-netlink plugin.
- TLS-based EAP methods now use the standardized key derivation when used
with TLS 1.3.
- The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by
implementing the "protected success indication".
- With the `prefer` value for the `childless` setting, initiators will create
a childless IKE_SA if the responder supports the extension.
- Routes via XFRM interfaces can optionally be installed automatically by
enabling the `install_routes_xfrmi` option of the kernel-netlink plugin.
- charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid
issues with name resolution if they are supported by the kernel.
- The `pki --req` command can encode extendedKeyUsage (EKU) flags in the
PKCS#10 certificate signing request.
- The `pki --issue` command adopts EKU flags from CSRs but allows modifying them
(replace them completely, or adding/removing specific flags).
- On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the
IPsec SAs instead of the policies.
- For libcurl with MultiSSL support, the curl plugin provides an option to
select the SSL/TLS backend.
strongswan-5.9.9 strongswan-5.9.9
---------------- ----------------


@ -32,11 +32,11 @@ charon.plugins.kernel-netlink.install_routes_xfrmi = no
Whether to install routes for SAs that reference XFRM interfaces. Whether to install routes for SAs that reference XFRM interfaces.
Whether routes via XFRM interfaces are automatically installed for SAs that Whether routes via XFRM interfaces are automatically installed for SAs that
reference such an interface via _if_id_. If the traffic selectors include reference such an interface via _if_id_out_. If the traffic selectors
the IKE traffic to the peer, this requires special care (e.g. installing include the IKE traffic to the peer, this requires special care (e.g.
bypass policies and/or routes, or setting a mark on the IKE socket and installing bypass policies and/or routes, or setting a mark on the IKE
excluding such packets from the configured routing table via _fwmark_ socket and excluding such packets from the configured routing table via
option). _fwmark_ option).
charon.plugins.kernel-netlink.mss = 0 charon.plugins.kernel-netlink.mss = 0
MSS to set on installed routes, 0 to disable. MSS to set on installed routes, 0 to disable.
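
Review bot: The change from `_if_id_` to `_if_id_out_` in the `install_routes_xfrmi` description is a content correction that the commit subject ("NEWS: Add news for 5.9.10") does not mention; consider a separate commit or an extra line in the message so the documentation fix can be found later. The paragraph is also re-wrapped around that one-word change, which makes the actual difference hard to spot in the diff. While this text is being touched, "via _fwmark_ option" is missing an article ("via the _fwmark_ option").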