Project

General

Profile

4.3.3

19.07.2009

100%

2 issues   (2 closed — 0 open)

Version 4.3.3

  • The configuration option --enable-integrity-test plus the strongswan.conf
    option libstrongswan.integrity_test = yes activate integrity tests
    of the IKE daemons charon and pluto, libstrongswan and all loaded
    plugins. Thus dynamic library misconfigurations and non-malicious file
    manipulations can be reliably detected.
  • The new default setting libstrongswan.ecp_x_coordinate_only=yes allows
    IKEv1 interoperability with MS Windows using the ECP DH groups 19 and 20.
  • The IKEv1 pluto daemon now supports the AES-CCM and AES-GCM ESP
    authenticated encryption algorithms.
  • The IKEv1 pluto daemon now supports V4 OpenPGP keys.
  • The RDN parser vulnerability discovered by Orange Labs research team
    was not completely fixed in version 4.3.2. Some more modifications
    had to be applied to the asn1_length() function to make it robust.
Time tracking
Estimated time 3.00 hours
Issues by
Feature

1/1
Bug

1/1
Related issues
Feature #78: Integrity tester for libstrongswan and all plugins.
Bug #79: Windows 7 sometimes fails to verify RSA signatures done by gcrypt