Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 36 |
1 files changed, 36 insertions, 0 deletions
@@ -1,3 +1,39 @@ +strongswan-5.5.1 +---------------- + +- The newhope plugin implements the post-quantum NewHope key exchange algorithm + proposed in their 2015 paper by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and + Peter Schwabe. + +- The libstrongswan crypto factory now offers the registration of Extended + Output Functions (XOFs). Currently supported XOFs are SHAKE128 and SHAKE256 + implemented by the sha3 plugin, ChaCHa20 implemented by the chapoly plugin + and the more traditional MGF1 Mask Generation Functions based on the SHA-1, + SHA-256 and SHA-512 hash algorithms implemented by the new mgf1 plugin. + +- The pki tool, with help of the pkcs1 or openssl plugins, can parse private + keys in any of the supported formats without having to know the exact type. + So instead of having to specify rsa or ecdsa explicitly the keyword priv may + be used to indicate a private key of any type. Similarly, swanctl can load + any type of private key from the swanctl/private directory. + +- The pki tool can handle RSASSA-PKCS1v1.5-with-SHA-3 signatures using the + sha3 and gmp plugins. + +- The VICI flush-certs command flushes certificates from the volatile + certificate cache. Optionally the type of the certificates to be + flushed (e.g. type = x509_crl) can be specified. + +- Setting cache_crls = yes in strongswan.conf the vici plugin saves regular, + base and delta CRLs to disk. + +- IKE fragmentation is now enabled by default with the default fragment size + set to 1280 bytes for both IP address families. + +- libtpmtss: In the TSS2 API the function TeardownSocketTcti() was replaced by + tss2_tcti_finalize(). + + strongswan-5.5.0 ---------------- |
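Review bot: The XOF entry has two wording slips: "ChaCHa20" should be "ChaCha20", and "Extended Output Functions" should be "Extendable Output Functions", the term FIPS 202 uses for SHAKE128 and SHAKE256. The cache_crls entry is missing a connective and would read better as "With cache_crls = yes set in strongswan.conf, the vici plugin saves regular, base and delta CRLs to disk." The IKE fragmentation entry announces a changed default, so it should name the setting that restores the previous behaviour and the setting that controls the 1280 byte fragment size, because administrators upgrading from 5.5.0 get the new behaviour without touching their configuration. The private-key entry could also state whether the existing rsa and ecdsa keywords remain accepted alongside priv, since the text only says priv "may be used".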