Release and vulnerability announcements for strongSwan

strongSwan 5.3.3 Released

We are happy to announce the release of strongSwan 5.3.3, which brings support for the ChaCha20/Poly1305 AEAD cipher and for configuring auxiliary CA information such as CRL and OCSP URIs via VICI, and adds numerous other new features and fixes.

Support for the ChaCha20/Poly1305 AEAD Cipher

The ChaCha20/Poly1305 AEAD cipher specified in RFC 7539 and RFC 7634 is supported and may be configured using the chacha20poly1305 ike/esp proposal keyword. The new chapoly plugin implements the cipher, SSE-accelerated where possible on x86/x64 architectures. It is usable both in IKEv2 and in the strongSwan libipsec ESP backend. On Linux 4.2 or newer, the kernel-netlink plugin can configure the cipher for ESP SAs, as demonstrated in the ikev2/alg-chacha20poly1305 test scenario.

Auxiliary Certification Authority (CA) Information via VICI/swanctl

The vici/swanctl interface now supports the configuration of auxiliary certification authority information such as CRL and OCSP URIs. An example is provided in the swanctl/multi-level-ca scenario.

auto=route with right=%any for Transport Mode Connections

Support for auto=route with right=%any for transport mode connections has been added. This simplifies configuration of fully-meshed host-to-host connections. More details and examples are provided in issue #196 and the ikev2/trap-any scenario.

BLISS Signature Changes

In the bliss plugin, the c_indices derivation using a SHA-512 based random oracle has been fixed, generalized and standardized by employing the MGF1 mask generation function with SHA-512. As a consequence, BLISS signatures using the improved oracle are not compatible with the earlier implementation.
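The following added example (not strongSwan's code) shows how MGF1 with SHA-512, as defined in RFC 8017, can serve as an expandable random oracle that selects kappa distinct coefficient positions, and why any change to the oracle yields different indices and therefore incompatible signatures. The seed, the bit slicing, the function names and the parameters n = 512 and kappa = 23 are assumptions for illustration, not the bliss plugin's exact encoding.

```python
import hashlib
from itertools import count, islice


def mgf1_blocks(seed: bytes):
    """Yield successive MGF1 blocks: SHA-512(seed || 4-byte big-endian counter)."""
    for counter in count():
        yield hashlib.sha512(seed + counter.to_bytes(4, "big")).digest()


def mgf1_sha512(seed: bytes, length: int) -> bytes:
    """MGF1 (RFC 8017, appendix B.2.1) with SHA-512, truncated to `length` bytes."""
    blocks_needed = -(-length // 64)  # ceiling division, 64-byte digests
    return b"".join(islice(mgf1_blocks(seed), blocks_needed))[:length]


def derive_c_indices(seed: bytes, n: int = 512, kappa: int = 23):
    """Pick kappa distinct indices in [0, n) from the MGF1 bit stream.

    Assumed extraction rule (illustrative only): read ceil(log2(n)) bits at a
    time, reject values >= n and values already chosen.
    """
    if not 0 < kappa <= n:
        raise ValueError("kappa must be in 1..n")
    width = (n - 1).bit_length()
    indices, seen = [], set()
    acc = nbits = 0
    for block in mgf1_blocks(seed):  # the oracle never runs out of output
        for byte in block:
            acc = (acc << 8) | byte
            nbits += 8
            while nbits >= width:
                nbits -= width
                idx = acc >> nbits           # top `width` bits
                acc &= (1 << nbits) - 1      # keep the unread remainder
                if idx < n and idx not in seen:
                    seen.add(idx)
                    indices.append(idx)
                    if len(indices) == kappa:
                        return indices


if __name__ == "__main__":
    # Constructed seed; a real scheme hashes the message and commitment.
    seed = hashlib.sha512(b"constructed message and commitment").digest()
    print(derive_c_indices(seed))
```

Because the indices are a deterministic function of the oracle output, signer and verifier must use the same oracle construction, or verification of an otherwise valid signature fails.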

Other Notable Changes

Download it from here - a more extensive changelog can be found on our wiki.