Commit d605584

committed Feb 24, 2023
NEWS: Add news for 5.9.10
1 parent 8e9b2bd commit d605584

2 files changed

+39
-5
lines changed

‎NEWS

+34
@@ -1,3 +1,37 @@
1+
strongswan-5.9.10
2+
-----------------
3+
4+
- Added support for full packet hardware offload for IPsec SAs and policies with
5+
Linux 6.2 kernels to the kernel-netlink plugin.
6+
7+
- TLS-based EAP methods now use the standardized key derivation when used
8+
with TLS 1.3.
9+
10+
- The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by
11+
implementing the "protected success indication".
12+
13+
- With the `prefer` value for the `childless` setting, initiators will create
14+
a childless IKE_SA if the responder supports the extension.
15+
16+
- Routes via XFRM interfaces can optionally be installed automatically by
17+
enabling the `install_routes_xfrmi` option of the kernel-netlink plugin.
18+
19+
- charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid
20+
issues with name resolution if they are supported by the kernel.
21+
22+
- The `pki --req` command can encode extendedKeyUsage (EKU) flags in the
23+
PKCS#10 certificate signing request.
24+
25+
- The `pki --issue` command adopts EKU flags from CSRs but allows modifying them
26+
(replace them completely, or adding/removing specific flags).
27+
28+
- On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the
29+
IPsec SAs instead of the policies.
30+
31+
- For libcurl with MultiSSL support, the curl plugin provides an option to
32+
select the SSL/TLS backend.
33+
34+
135
strongswan-5.9.9
236
----------------
337
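Review bot: The entry "TLS-based EAP methods now use the standardized key derivation when used with TLS 1.3" does not say what happens when only one peer has been upgraded; because "now" implies the derivation differs from earlier releases, a clause on interoperability with peers still running an earlier release would help operators plan the rollout. In the `pki --issue` entry, "replace them completely, or adding/removing specific flags" mixes verb forms; "replacing them completely, or adding/removing specific flags" reads cleanly. The `install_routes_xfrmi` entry could also mention that the option needs special care when the traffic selectors include the IKE traffic to the peer, as the option's description in conf/plugins/kernel-netlink.opt does.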

‎conf/plugins/kernel-netlink.opt

+5-5
@@ -32,11 +32,11 @@ charon.plugins.kernel-netlink.install_routes_xfrmi = no
3232
Whether to install routes for SAs that reference XFRM interfaces.
3333

3434
Whether routes via XFRM interfaces are automatically installed for SAs that
35-
reference such an interface via _if_id_. If the traffic selectors include
36-
the IKE traffic to the peer, this requires special care (e.g. installing
37-
bypass policies and/or routes, or setting a mark on the IKE socket and
38-
excluding such packets from the configured routing table via _fwmark_
39-
option).
35+
reference such an interface via _if_id_out_. If the traffic selectors
36+
include the IKE traffic to the peer, this requires special care (e.g.
37+
installing bypass policies and/or routes, or setting a mark on the IKE
38+
socket and excluding such packets from the configured routing table via
39+
_fwmark_ option).
4040

4141
charon.plugins.kernel-netlink.mss = 0
4242
MSS to set on installed routes, 0 to disable.
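Review bot: The change from _if_id_ to _if_id_out_ in the `install_routes_xfrmi` description alters which setting the documentation refers to, but the commit subject ("NEWS: Add news for 5.9.10") only mentions NEWS; name the option-description change in the commit message or move it to its own commit so it can be found in the history. Since the paragraph is being reflowed anyway, "via _fwmark_ option" could become "via the _fwmark_ option".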
