strongSwan - Design by Margo Galas <galas (at) solnet (dot) ch>

Main Sponsors

secunet

secunet

revosec

Hochschule für Technik Rapperswil

strongSwan 5.8.2 Released

We are happy to announce the release of strongSwan 5.8.2, which adds support for identity-based CA constraints, can send intermediate CA certificates in hash-and-URL encoding and brings several other new features and fixes.

strongSwan 5.8.1 Released

We are happy to announce the release of strongSwan 5.8.1, which is mainly a maintenance release but also supports an optional less strict matching of RDNs in DNs of X.509 certificates.

strongSwan 5.8.0 Released

We are happy to announce the release of strongSwan 5.8.0, which supports XFRM interfaces, childless IKEv2 SAs, fixes the PB-TNC finite state machine, renames the systemd service units, adds a wolfSSL crypto plugin and brings several other new features and fixes.

strongSwan 5.7.2 Released

We are happy to announce the release of strongSwan 5.7.2, which brings automatic signature scheme selection for TPM 2.0, updates for RADIUS and crypto plugins, dynamic paths for swanctl, and several other new features and fixes.

strongSwan 5.7.1 Released

strongSwan 5.7.1 fixes a denial-of-service vulnerability in last week's 5.7.0 release and the patch for the vulnerability that was fixed with it.

strongSwan Vulnerability (CVE-2018-17540)

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions patched with the fix for CVE-2018-16151/2 are affected.

strongSwan Vulnerability (CVE-2018-16151, CVE-2018-16152)

A potential authorization bypass vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected in certain configurations.

strongSwan 5.7.0 Released

We are happy to announce the release of strongSwan 5.7.0, which brings support for SWIMA for PA-TNC, swanctl.conf/strongswan.conf syntax changes, a Botan crypto library plugin, support for Postquantum Preshared Keys for IKEv2, fixes a potential authorization bypass vulnerability, and comes with several other new features and fixes.

strongSwan 5.6.3 Released

We are happy to announce the release of strongSwan 5.6.3, which improves certificate chain validation, updates the DHCP plugin, allows forcing the local termination of IKE_SAs, supports trap policies with virtual IPs, and fixes two potential DoS vulnerabilities and several other issues.

strongSwan Vulnerability (CVE-2018-10811)

A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered, all strongSwan versions since 5.0.1 may be affected.