Release and vulnerability announcements for strongSwan

strongSwan 5.2.2 Released

We are happy to announce the release of strongSwan 5.2.2, which brings a new post-quantum signature scheme, identity type prefixes and fixes a DoS vulnerability and several other issues.

Denial-of-Service Vulnerability (CVE-2014-9221)

A denial-of-service vulnerability was fixed that could be triggered by an IKEv2 Key Exchange (KE) payload that contains the Diffie-Hellman group 1025. All versions since 4.5.0 are affected.

More information is provided in a separate blog entry.

Post-quantum Bimodal Lattice Signature Scheme (BLISS)

BLISS provides an alternative, next-generation public-key authentication method for IKEv2 connections. Together with the NTRU-Encryption-based IKE key exchange methods released with strongSwan 5.1.2, it is now possible to set up IPsec connections with either 128-bit or 192-bit cryptographic strength that are resistant to attacks by quantum computers. The rw-ntru-bliss scenario shows the BLISS/NTRU combination at work.

The strongSwan pki tool fully supports the generation of BLISS-based key pairs, certificates and CRLs. Refer to the BLISS howto on our wiki for details.

Explicit type prefixes for identities

The leftid and rightid options in ipsec.conf, and any other identity in strongSwan, now accept prefixes that enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string; refer to the conn section reference (or the ipsec.conf(5) man page) for details.
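As an added illustration (not from the release notes or the strongSwan documentation), the following constructed ipsec.conf fragment shows the explicit prefixes beside the implicit forms and the consequence of the verbatim-string rule; all hostnames and identities are placeholders:

```ini
# Constructed ipsec.conf fragment (added example, not part of the release).
conn rw
    # Without a prefix, strongSwan infers the identity type from the string:
    # "@vpn.example.com" is parsed as an FQDN and "carol@example.com" as an
    # e-mail (RFC822) address. The same identities with explicit types:
    leftid=fqdn:vpn.example.com
    rightid=email:carol@example.com
    # The text after the prefix is taken verbatim, so the leading "@" used by
    # the implicit FQDN form must be dropped: fqdn:@vpn.example.com would keep
    # the "@" as part of the identity and no longer match a certificate whose
    # subjectAltName is vpn.example.com.
```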

Use correct mapping of AH integrity algorithms with IKEv1

We fixed the mapping of integrity algorithms negotiated for AH via IKEv1. The incorrect mapping could cause interoperability issues when connecting to older versions of charon.

Other Notable Changes

Download it from here; a more extensive changelog can be found on our wiki.