Version 4.3.2

  • The new gcrypt plugin provides symmetric cipher, hasher, RNG, Diffie-Hellman
    and RSA crypto primitives using the LGPL licensed GNU gcrypt library.
  • libstrongswan features an integrated crypto selftest framework for registered
    algorithms. The test-vector plugin provides a first set of test vectors and
    allows pluto and charon to rely on tested crypto algorithms.
  • pluto can now use all libstrongswan plugins with the exception of x509 and xcbc.
    Thanks to the openssl plugin, the ECP Diffie-Hellman groups 19, 20, 21, 25, and
    26 as well as ECDSA-256, ECDSA-384, and ECDSA-521 authentication can be used
    with IKEv1.
  • Applying their fuzzing tool, the Orange Labs vulnerability research team found
    another two DoS vulnerabilities, one in the rather old ASN.1 parser of Relative
    Distinguished Names (RDNs) and a second one in the conversion of ASN.1 UTCTIME
    and GENERALIZEDTIME strings to a time_t value.