Version 4.6.2 » History » Version 2
Tobias Brunner, 21.02.2012 11:07
News for 4.6.2 added
| 1 | 1 | Andreas Steffen | h1. Version 4.6.2 |
|---|---|---|---|
| 2 | 1 | Andreas Steffen | |
| 3 | 2 | Tobias Brunner | * Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M" |
| 4 | 2 | Tobias Brunner | standard (TLV-based messages only). TPM-based remote attestation of |
| 5 | 2 | Tobias Brunner | "Linux IMA":http://linux-ima.sourceforge.net/ (Integrity Measurement Architecture) or Intel TBOOT possible. |
| 6 | 2 | Tobias Brunner | Measurement reference values are automatically stored in an SQLite database that |
| 7 | 2 | Tobias Brunner | can be managed using the new [[IpsecAttest|ipsec attest]] command line tool. |
| 8 | 2 | Tobias Brunner | |
| 9 | 2 | Tobias Brunner | * "PTS Integrity Measurement Collector":http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC |
| 10 | 2 | Tobias Brunner | * "PTS Integrity Measurement Verifier":http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV |
| 11 | 2 | Tobias Brunner | |
| 12 | 2 | Tobias Brunner | * Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3 |
| 13 | 2 | Tobias Brunner | which supports IF-TNCCS 2.0 long message types, the exclusive flags |
| 14 | 2 | Tobias Brunner | and multiple IMC/IMV IDs. Both the TNC Client and Server as well as |
| 15 | 2 | Tobias Brunner | the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated. |
| 16 | 2 | Tobias Brunner | |
| 17 | 2 | Tobias Brunner | * "Overview on strongSwan's support of the TCG TNC/IETF NEA Framework":http://www.strongswan.org/tnc/ |
| 18 | 2 | Tobias Brunner | |
| 19 | 2 | Tobias Brunner | * The [[EapRadius|EAP-RADIUS]] authentication backend supports RADIUS accounting. It sends |
| 20 | 2 | Tobias Brunner | start/stop messages containing Username, Framed-IP and Input/Output-Octets |
| 21 | 2 | Tobias Brunner | attributes and has been tested against FreeRADIUS and Microsoft NPS. |
| 22 | 2 | Tobias Brunner | |
| 23 | 2 | Tobias Brunner | {{tc(ikev2/rw-radius-accounting,Radius Accounting Example)}} |
| 24 | 2 | Tobias Brunner | |
| 25 | 2 | Tobias Brunner | * Added support for PKCS#8 encoded private keys via the libstrongswan |
| 26 | 2 | Tobias Brunner | pkcs8 plugin. This is the default format used by some OpenSSL tools since |
| 27 | 2 | Tobias Brunner | version 1.0.0 (e.g. openssl req with -keyout). |
| 28 | 2 | Tobias Brunner | |
| 29 | 2 | Tobias Brunner | * Added session resumption support to the strongSwan TLS stack. |
| 30 | 2 | Tobias Brunner | |
| 31 | 2 | Tobias Brunner | * The maximum number of stroke messages concurrently handled by the charon |
| 32 | 2 | Tobias Brunner | daemon is now limited to avoid clogging the thread pool with potentially |
| 33 | 2 | Tobias Brunner | blocking jobs. How many messages are handled concurrently can be configured |
| 34 | 2 | Tobias Brunner | with the charon.plugins.stroke.max_concurrent option in [[strongswan.conf]]. |
| 35 | 2 | Tobias Brunner | |
| 36 | 2 | Tobias Brunner | * For Android builds the binaries to be installed on the final system have to be |
| 37 | 2 | Tobias Brunner | added to PRODUCT_PACKAGES in build/target/product/core.mk. Dependencies such as |
| 38 | 2 | Tobias Brunner | libraries are automatically installed. See the comments in the top-level Android.mk. |
| 39 | 2 | Tobias Brunner | |
| 40 | 2 | Tobias Brunner | * Debug output for low-level encoding/decoding (X.509, ASN.1 etc.) are now logged |
| 41 | 2 | Tobias Brunner | in a new ASN log group. |
| 42 | 2 | Tobias Brunner | |
| 43 | 2 | Tobias Brunner | * The native thread ID is logged in the LIB log group with log level 2 when a thread is created. |