Version 5.6.3 » History » Version 2

Version 1 (Tobias Brunner, 13.02.2018 14:21) → Version 2/3 (Tobias Brunner, 24.05.2018 13:05)

h1. Version 5.6.3

* Fixed a vulnerability in the _stroke_ plugin, which did not check the received length before
reading a message from the socket. Unless a [[ReducedPrivileges#Running-strongSwan-as-non-root|group]] is configured, root privileges are
required to access that socket, so in the default configuration this shouldn't be an issue.
The fix (commit:0acd1ab4d0) is also "available for older releases":https://download.strongswan.org/security/CVE-2018-5388/.
This vulnerability has been registered as "CVE-2018-5388":https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5388.
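
The class of check described above, as an added example that is not strongSwan's _stroke_ code: a reader for a length-prefixed message on a UNIX socket that validates the declared length before using it. The message layout, @MSG_MAX@ and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#define MSG_MAX 4096 /* assumed upper bound for one control message */

/* Read exactly len bytes; 0 on success, -1 on EOF or error. */
static int read_all(int fd, uint8_t *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = read(fd, buf, len);
        if (n <= 0) return -1;
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Constructed layout: uint16_t total length (header included), then body.
 * Stores a malloc'd copy in *out and returns its length, or -1 if rejected. */
int read_msg(int fd, uint8_t **out)
{
    uint16_t len;
    if (read_all(fd, (uint8_t *)&len, sizeof(len)) != 0) return -1;
    /* Check first: len < sizeof(len) would wrap the subtraction below. */
    if (len < sizeof(len) || len > MSG_MAX) return -1;
    uint8_t *msg = malloc(len);
    if (!msg) return -1;
    memcpy(msg, &len, sizeof(len));
    if (read_all(fd, msg + sizeof(len), len - sizeof(len)) != 0) { free(msg); return -1; }
    *out = msg;
    return len;
}

/* Send a constructed header and body over a socketpair; 1 if accepted. */
int demo(uint16_t declared, size_t body_len)
{
    int sv[2], ok, len;
    uint8_t body[64] = {0}, *msg = NULL;
    if (body_len > sizeof(body) || socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    ok = write(sv[0], &declared, sizeof(declared)) >= 0 &&
         write(sv[0], body, body_len) >= 0;
    close(sv[0]); /* reader sees EOF after the constructed bytes */
    len = ok ? read_msg(sv[1], &msg) : -1;
    free(msg);
    close(sv[1]);
    return len == declared;
}

int main(void) { return (demo(10, 8) == 1 && demo(1, 0) == 0) ? 0 : 1; }
```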

* CRLs that are not yet valid are now ignored to avoid problems in scenarios where expired
certificates are removed from new CRLs and the clock on the host doing the revocation
check is trailing behind that of the host issuing CRLs. Not doing this could result in accepting
a revoked and expired certificate, if it's still valid according to the trailing clock but not
contained anymore in not yet valid CRLs.

* The issuer of fetched CRLs is now compared to the issuer of the checked certificate (#2608).
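
The two CRL changes above (skipping CRLs that are not yet valid and comparing the CRL issuer), modelled in an added example that is not strongSwan's code. The @struct crl@ fields, function names, timestamps and the issuer string are constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Constructed model of a CRL: only the fields the selection looks at. */
struct crl {
    const char *issuer;
    time_t this_update;
    const long *revoked; /* revoked serial numbers */
    size_t revoked_count;
};

enum crl_status { CERT_GOOD, CERT_REVOKED, CERT_UNKNOWN };

/* Newest CRL from the certificate's issuer that is already valid at `now`. */
static const struct crl *select_crl(const struct crl *crls, size_t n,
                                    const char *cert_issuer, time_t now)
{
    const struct crl *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(crls[i].issuer, cert_issuer) != 0) continue; /* wrong issuer */
        if (crls[i].this_update > now) continue;               /* not yet valid */
        if (!best || crls[i].this_update > best->this_update) best = &crls[i];
    }
    return best;
}

enum crl_status check_revocation(const struct crl *crls, size_t n,
                                 const char *cert_issuer, long serial, time_t now)
{
    const struct crl *crl = select_crl(crls, n, cert_issuer, now);
    if (!crl) return CERT_UNKNOWN; /* no usable CRL; a strict policy rejects */
    for (size_t i = 0; i < crl->revoked_count; i++)
        if (crl->revoked[i] == serial) return CERT_REVOKED;
    return CERT_GOOD;
}

/* Constructed scenario: serial 42 is revoked and expires at t=1000, so the CRL
 * issued at t=1010 no longer lists it. `now` is the checking host's clock. */
enum crl_status demo(const char *cert_issuer, time_t now)
{
    static const long old_list[] = { 42 };
    const struct crl crls[] = {
        { "CN=Example CA", 900, old_list, 1 },
        { "CN=Example CA", 1010, NULL, 0 },
    };
    return check_revocation(crls, 2, cert_issuer, 42, now);
}

int main(void) { return demo("CN=Example CA", 990) == CERT_REVOKED ? 0 : 1; }
```

With the trailing clock at 990 the certificate still looks unexpired, and only the older CRL reports it as revoked; without the not-yet-valid check the newer CRL would be selected and the certificate accepted.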

* CRL validation results other than revocation (e.g. a skipped check because the CRL couldn't
be fetched) are now also stored for intermediate CA certificates and not only for end-entity
certificates, so a strict CRL policy can be enforced in such cases.

* In compliance with "RFC 4945, section 5.1.3.2":https://tools.ietf.org/html/rfc4945#section-5.1.3.2, certificates used for IKE must now either
*not* contain a _keyUsage_ extension (like
the ones generated by [[ipsecpki|pki]]), or have at least one of the
_digitalSignature_ or _nonRepudiation_ bits set.

* New options for [[vici]]/[[swanctl]] allow forcing the local termination of an IKE_SA. This might be
useful in situations where it's known the other end is not reachable anymore, or that it already
removed the IKE_SA, so retransmitting a DELETE and waiting for a response would be pointless.
Waiting only a certain amount of time for a response (i.e. shorter than all retransmits would be)
before destroying the IKE_SA is also possible by additionally specifying a timeout in the forced
termination request.

* When removing routes, the _kernel-netlink_ plugin now checks if it tracks other routes for the same
destination and replaces the installed route instead of just removing it. Same during installation,
where existing routes previously weren't replaced. This should allow using traps with virtual IPs
on Linux (#2162).

* The [[dhcpplugin|dhcp plugin]] now only sends
the client identifier DHCP option if the _identity_lease_ setting is
enabled (commit:7b660944b6). It can also send identities of up to 255 bytes in length, instead of the
previous 64 bytes (commit:30e886fe3b, commit:0e5b94d038). If a server address is configured, DHCP requests
are now sent from port 67 instead of 68 to avoid ICMP port unreachables (commit:becf027cd9).

* The handling of faulty @INVALID_KE_PAYLOAD@ notifies (e.g. one containing a DH group that wasn't
proposed) during @CREATE_CHILD_SA@ exchanges has been improved (#2536).

* Roam events are now completely ignored for IKEv1 SAs (there is no MOBIKE to handle such
changes properly).

* ChaCha20/Poly1305 is now correctly proposed without key length (#2614). For compatibility with
older releases the _chacha20poly1305compat_ keyword may be included in proposals to also propose
the algorithm with a key length (commit:c58434aeff).

* Configuration of hardware offload of IPsec SAs is now more flexible and allows a new setting (_auto_),
which automatically uses it if the kernel and device both support it. If _hw_offload_ is set to _yes_ and
offloading is not supported, the CHILD_SA installation now fails.

* The _kernel-pfkey_ plugin optionally installs routes via an internal interface (one with an IP in the local
traffic selector). On FreeBSD, enabling this selects the correct source IP when sending packets
from the gateway itself (commit:e811659323).

* SHA-2 based PRFs are supported in PKCS#8 files as generated by OpenSSL 1.1 (#2574).

* The [[ipsecpkiverify|pki --verify]] tool may load CA certificates and CRLs from directories.

* The IKE daemon now also switches to port 4500 if the remote port is not 500 (e.g. because the
remote maps the response to a different port, as might happen on Azure), as long as the local port
is 500 (commit:85bfab621d).

* Fixed an issue with DNS servers passed to NetworkManager in charon-nm (commit:ee8c25516a).

* Logged traffic selectors now always contain the protocol if either protocol or port are set (commit:a36d8097ed).

* Only the inbound SA/policy will be updated in reaction to IP address changes for rekeyed CHILD_SAs
that are kept around.

* The parser for [[strongswan.conf]]/[[swanctl.conf]] now accepts @=@ characters in values without having to
put the value in quotes (e.g. for Base64 encoded shared secrets).

* Notes for developers:

* *trap_manager_t*: Trap policies are now uninstalled by peer/child name and not the reqid.
No reqid is returned anymore when installing trap policies.

* *child_sa_t*: A new state (@CHILD_DELETED@) is used for CHILD_SAs that have been deleted but not yet
destroyed (after a rekeying CHILD_SAs are kept around for a while to process delayed packets).
This way child_updown events are not triggered anymore for such SAs when an IKE_SA that has such
CHILD_SAs assigned is deleted.