strongSwan

h1. Version 5.9.1

* Remote attestation via TNC supports the SHA-256 based TPM 2.0 BIOS/EFI measurements introduced

  with the Linux 5.4 kernel. This includes support for the BIOS/EFI event log and variable sized PCR banks.

* The _tpm_ plugin supports SHA-3 and CMAC with TPM 2.0.

* Nonces in OCSP responses are not enforced anymore (added with version:5.8.2) and only validated if a nonce

  is actually contained (#3557).

* Fixed an issue when only some fragments of a retransmitted IKEv2 message were received, which prevented

  processing a following fragmented message (non-fragmented messages were correctly processed, commit:6586f07162).

* All remaining queued [[vici]] messages are now sent to subscribed clients during shutdown, which includes

  _ike/child-updown_ events triggered when all established SAs are deleted (commit:ef636316d2).

* CHILD_SA IP addresses are now updated before installation of the IPsec SAs and policies to allow MOBIKE

  updates happening while retransmitting a CREATE_CHILD_SA request (#3164).

* When looking for a route to the peer, the _kernel-netlink_ plugin now ignores the current source address if it's

  deprecated. It also updates the flags associated with cached IP addresses and triggers a roam event if they

  change. So a [[MOBIKE]] update now switches to a new address if the current one gets deprecated (#3511).

* The file and syslog [[LoggerConfiguration|loggers]] support logging the log level of each message after the subsystem (e.g.

  @[IKE2]@, #3509).

* [[NetworkManager|charon-nm]] is now properly terminated during system shutdown (#3579).

* Improved support for EdDSA keys in [[vici]]/[[swanctl]], in particular, encrypted keys are now supported (#3586).

* A new global [[strongswan.conf]] option allows sending the Cisco FlexVPN vendor ID to prevent Cisco

  devices from narrowing a 0.0.0.0/0 traffic selectors ("GH#180":https://github.com/strongswan/strongswan/pull/180).

* The _openssl_ plugin accepts CRLs issued by non-CA certificates if they contain the cRLSign keyUsage

  flag (the _x509_ plugin already does this since version:4.5.1).

* Attributes in PKCS#7 containers, as used in [[scepclient|SCEP]], are now properly DER-encoded, i.e. sorted (#3589).

* Failures during restarts of IKEv1 CHILD_SAs are now properly handled (commit:12a3f3ca52).

* Virtual IPv6 addresses and IPv6 source address pools are now supported in the [[loadtests|load-tester]] plugin (#3595).

* The [[AndroidVPNClient|Android client]] optionally supports IPv6 transport addresses for IKE and ESP (requires UDP encapsulation

  for IPv6 on the server, which Linux only supports since 5.8).

* The [[TestingEnvironment|testing environment]] is now based on Debian 10 (buster) by default.

* @/dev/random@ on guest hosts in the  [[TestingEnvironment|testing environment]] is now mapped to the host's @/dev/urandom@

  via VirtIO RNG, which requires support in the guest kernel (@CONFIG_HW_RANDOM_VIRTIO@).