author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /NEWS | |
parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
download | vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip |
New upstream version 5.5.1
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 36 |
1 files changed, 36 insertions, 0 deletions
@@ -1,3 +1,39 @@ +strongswan-5.5.1 +---------------- + +- The newhope plugin implements the post-quantum NewHope key exchange algorithm + proposed in their 2015 paper by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and + Peter Schwabe. + +- The libstrongswan crypto factory now offers the registration of Extended + Output Functions (XOFs). Currently supported XOFs are SHAKE128 and SHAKE256 + implemented by the sha3 plugin, ChaCHa20 implemented by the chapoly plugin + and the more traditional MGF1 Mask Generation Functions based on the SHA-1, + SHA-256 and SHA-512 hash algorithms implemented by the new mgf1 plugin. + +- The pki tool, with help of the pkcs1 or openssl plugins, can parse private + keys in any of the supported formats without having to know the exact type. + So instead of having to specify rsa or ecdsa explicitly the keyword priv may + be used to indicate a private key of any type. Similarly, swanctl can load + any type of private key from the swanctl/private directory. + +- The pki tool can handle RSASSA-PKCS1v1.5-with-SHA-3 signatures using the + sha3 and gmp plugins. + +- The VICI flush-certs command flushes certificates from the volatile + certificate cache. Optionally the type of the certificates to be + flushed (e.g. type = x509_crl) can be specified. + +- Setting cache_crls = yes in strongswan.conf the vici plugin saves regular, + base and delta CRLs to disk. + +- IKE fragmentation is now enabled by default with the default fragment size + set to 1280 bytes for both IP address families. + +- libtpmtss: In the TSS2 API the function TeardownSocketTcti() was replaced by + tss2_tcti_finalize(). + + strongswan-5.5.0 ---------------- |
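Review bot: In the XOF entry, "ChaCHa20" is miscapitalised and should read "ChaCha20", and "Extended Output Functions" should be "Extendable Output Functions", the term FIPS 202 uses for SHAKE128 and SHAKE256. The IKE fragmentation entry records a change of default (enabled, with a 1280-byte fragment size for both IP address families) but does not name the settings that control it; because this changes on-wire behaviour for existing deployments after an upgrade, the entry should say which options restore the previous behaviour. The cache_crls entry also reads awkwardly: "Setting cache_crls = yes in strongswan.conf the vici plugin saves" would be clearer as "With cache_crls = yes in strongswan.conf, the vici plugin saves". Since the commit imports a new upstream version, these wording fixes are best raised upstream rather than patched locally.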