strongSwan

h1. Version 5.9.0

* We prefer AEAD algorithms for ESP and therefore put AES-GCM in a default AEAD proposal in front

  of the previous default proposal.

* Changes related to the [[NetworkManager|NM frontend]] and backend (charon-nm):

** Password entry for private keys in the frontend has been fixed, in the backend, cached credentials

   are now also cleared when the connection is terminated (#3428).

** The AppStream metadata installed by the frontend has been migrated from _appdata_ to

   _metainfo_ (commit:73b60338dc).

** The height of the frontend has been reduced by using tabs for options/proposals (#3448).

** DPD and close action are now set to _restart_ in the backend (#3300).

** The backend supports custom remote traffic selectors via @remote-ts@ option (separated by @;@).

   There is currently no GUI support, so configuration has to be done manually via @nmcli@ or

   config file.

* If a connection fails after getting redirected, we now restart connecting to the original host, not the

  one redirected to.

* The [[pkcs11plugin|pkcs11 plugin]] falls back to hashing data for PKCS#1 v1.5 RSA signatures in software if the

  smartcard/library doesn't support signature mechanisms with hashing (e.g. @CKM_SHA256_RSA_PKCS@).

* The owner/group of the log file opened by the file logger (e.g. via _charon.filelog_) is now set so the

  daemon can reopen it if the config is reloaded and it doesn't run as root.

* The _wolfssl_ plugin (when used with wolfSSL 4.4.0+) supports x448 Diffie-Hellman and Ed448 keys.

* Support for high numbers of [[retransmission|retransmits]] has been fixed (commit:72b282cf20).

* For peers that don't send the @EAP_ONLY_AUTHENTICATION@ notify but still expect to use EAP-only

  authentication, the _charon.force_eap_only_authentication_ option can be enabled to force this type

  of authentication even on non-compliant peers.

* DH groups are properly handled during migration of CHILD_SA-creating tasks when reestablishing (may

  have caused DH groups in the proposal sent during IKE_AUTH).

* The [[vici]] plugin stores all CA certificates in one location, which avoids issues with unloading _authority_

  sections or clearing all credentials ("GH#172":https://github.com/strongswan/strongswan/pull/172).

* When unloading a [[vici]] connection with _start_action=start_, any related IKE_SAs without children are now

  terminated (including those in CONNECTING state).

* The hashtable implementation has been changed so it maintains insertion order (the old implementation,

  including the @get_match()@ method and a new feature to sort keys, has been migrated to the @hashlist_t@

  class). This was mainly done so the [[vici]] plugin can store its connections in a hashtable, which makes

  managing high numbers of connections faster.

* The default maximum size for [[vici]] messages (512 KiB) can now be changed via @VICI_MESSAGE_SIZE_MAX@

  compile option.

* IPv6 virtual IPs are now always enumerated, ignoring the _charon.prefer_temporary_addrs_ setting, which

  should fix route installation if the latter is enabled.

* The version as obtained from the Git repository (via @git describe@) on which a build is based can now be

  used in executables (@--enable-git-version@). Tarballs include a text file with that information cached.

* Connectivity with the [[AndroidVPNClient|Android client]] got a lot more stable on Android 6+ where the system aggressively

  suspends apps when the device is idle (Doze mode).  We now use a custom scheduler that uses Android's

  AlarmManager, which allows waking up the app even if the system put it to sleep. It does require adding

  the app to the system's battery optimization whitelist, which is requested from the user automatically if

  necessary. With this, NAT keepalives and rekeyings are now scheduled accurately, with little changes to the

  battery usage (#3364).

  There are some related changes that could be useful outside of the Android client:

** It's possible to use other clocks than @CLOCK_MONOTONIC@ (e.g. @CLOCK_BOOTTIME@) via @TIME_CLOCK_ID@

   compile option if @clock_gettime()@ is available and @pthread_condattr_setclock()@ supports that

   clock (Android's bionic C library e.g. only supports @CLOCK_MONOTONIC@ and @CLOCK_REALTIME@ while the

   kernel would support @CLOCK_BOOTTIME@ via  @clock_gettime()@).

** When using a clock that includes time spent suspended, the new _charon.keep_alive_dpd_margin_ option

   may be used to trigger a DPD instead of a NAT keepalive if too much time has passed.

** Another option (_charon.check_current_path_) allows forcing a DPD exchange to check if the current path

   still works whenever changes to interfaces/addresses are detected.

* Test cases and functions can now be filtered when running the unit tests (see [[DeveloperDocumentation]]).