Blog

Release and vulnerability announcements for strongSwan

We are happy to announce the release of strongSwan 5.6.2 which includes rekeying and MOBIKE improvements, supports accessing certificates in a TPM 2.0, and fixes a DoS vulnerability and several other issues.

We are happy to announce the release of strongSwan 5.6.1 which removes deprecated algorithms from default proposals, supports RSASSA-PSS signatures, and brings several other new features and fixes.

We are happy to announce the release of strongSwan 5.6.0 which adds support for SWIMA for PA-TNC, brings a plugin that implements 3GPP MILENAGE in software, refines CHILD_SA rekeying and fixes a DoS vulnerability and several other issues.

We are happy to announce the release of strongSwan 5.5.3 which avoids traffic loss during IKEv2 CHILD_SA rekeying, runs on the ARM64 iOS platform, and fixes two vulnerabilities and several other issues.

We are happy to announce the release of strongSwan 5.5.2 which brings support for DH group 31 using Curve25519 and the Ed25519 signature algorithm for IKEv2, storing private keys on a TPM 2.0, automatic installation of bypass policies for LANs, several new features for the VICI interface and swanctl and lots of other new features and fixes.

We are happy to announce the release of strongSwan 5.5.1 which brings support for the NewHope post-quantum key exchange algorithm, simplified private key handling in swanctl and pki, configurable XFRM policy hashing thresholds, improved delta CRL handling, support for NetworkManager 1.2 and several other new features and fixes.

We are proud to announce the release of strongSwan 5.5.0 which offers TPM 2.0 support, improved handling of IKEv2 exchange collisions, manual priorities for IPsec policies and several other new features and fixes.

We are proud to announce the release of strongSwan 5.4.0 which makes VICI the preferred management interface, enforces a consistent 128 bit default security strength and brings support for IKEv2 redirection.