strongSwan - Design by Margo Galas <galas (at) solnet (dot) ch>

Main Sponsors

secunet

secunet

revosec

Hochschule für Technik Rapperswil

strongSwan Vulnerability (CVE-2018-16151, CVE-2018-16152)

A potential authorization bypass vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected in certain configurations.

strongSwan Vulnerability (CVE-2018-10811)

A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered, all strongSwan versions since 5.0.1 may be affected.

strongSwan Vulnerability (CVE-2018-5388)

A denial-of-service vulnerability in the stroke plugin was discovered in strongSwan. All versions are affected in certain configurations.

strongSwan Vulnerability (CVE-2017-11185)

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected.

strongSwan Vulnerability (CVE-2017-9022)

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions since 4.4.0 are affected.

strongSwan Vulnerability (CVE-2017-9023)

A denial-of-service vulnerability in the x509 plugin was discovered in strongSwan. All versions are affected.

strongSwan 5.5.3 Released

We are happy to announce the release of strongSwan 5.5.3 which avoids traffic loss during IKEv2 CHILD_SA rekeying, runs on the ARM64 iOS platform, and fixes two vulnerabilities and several other issues.

strongSwan 5.5.2 Released

We are happy to announce the release of strongSwan 5.5.2 which brings support for DH group 31 using Curve25519 and the Ed25519 signature algorithm for IKEv2, storing private keys on a TPM 2.0, automatic installation of bypass policies for LANs, several new features for the VICI interface and swanctl and lots of other new features and fixes.

strongSwan 5.5.1 Released

We are happy to announce the release of strongSwan 5.5.1 which brings support for the NewHope post-quantum key exchange algorithm, simplified private key handling in swanctl and pki, configurable XFRM policy hashing thresholds, improved delta CRL handling, support for NetworkManager 1.2 and several other new features and fixes.

strongSwan 5.5.0 Released

We are proud to announce the release of strongSwan 5.5.0 which offers TPM 2.0 support, improved handling of IKEv2 exchange collisions, manual priorities for IPsec policies and several other new features and fixes.