Release and vulnerability announcements for strongSwan

strongSwan 5.5.1 Released

We are happy to announce the release of strongSwan 5.5.1 which brings support for the NewHope post-quantum key exchange algorithm, simplified private key handling in swanctl and pki, configurable XFRM policy hashing thresholds, improved delta CRL handling, support for NetworkManager 1.2 and several other new features and fixes.

NewHope Key Exchange Algorithm

The newhope plugin implements the post-quantum NewHope key exchange algorithm proposed in their 2015 paper by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and
Peter Schwabe.

Simplified Private Key Handling

The pki tool, with help of the pkcs1 or openssl plugins, can parse private keys in any of the supported formats without having to know the exact type. So instead of having to specify rsa or ecdsa explicitly the keyword priv may be used to indicate a private key of any type.

Similarly, swanctl can load any type of private key from the swanctl/private directory.

XFRM Policy Hashing Thresholds

XFRM policy hashing thresholds may be configured via strongswan.conf. This can significantly improve the performance on hosts where the number of flows exceeds the flow cache size of the Linux kernel. Policies covering more than a single address don't get hash-indexed by default, which results in wasting most of the cycles in xfrm_policy_lookup_bytype() and the called xfrm_policy_match(). Since Linux 3.18 the kernel can hash the first n-bit of a policy subnet to perform indexed lookups. With correctly chosen thresholds this can completely eliminate the performance impact of policy lookups.

Note: Due to a bug in Linux 3.19 through 4.7, the kernel crashes with a NULL pointer dereference if a socket policy (used by strongSwan to exempt IKE traffic from IPsec tunnels) is installed while hash thresholds are changed. See ac9759a532 for details and a workaround.

Improved Delta CRL Handling

Delta CRLs are now properly cached in-memory (and on disk) together with their base. In earlier releases the presence of a delta CRL might have required that the base be refetched every time. The serial number for delta CRLs generated by pki --signcrl is now based on the given base CRL again (was broken since 4.6.3).

When setting charon.cache_crls = yes in strongswan.conf the vici plugin (and the stroke plugin) saves regular, base and delta CRLs to disk. Fetched CRLs are now also cached if the checked certificate has been revoked.

Support for NetworkManager 1.2

The NetworkManager integration has been updated to support NM 1.2. Refer to the download page for updated versions of the NM applet/plugin.

The directory from which CA certificates are loaded if no certificate is configured in the GUI can now be configured via strongswan.conf using the new charon-nm.ca_dir setting.

Other Notable Fixes

Download Complete Changelog