edited NEWS
This commit is contained in:
parent
8d7e4dec55
commit
c306dfb15a
12
NEWS
12
NEWS
|
@ -1,7 +1,7 @@
|
||||||
strongswan-4.2.1
|
strongswan-4.2.1
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
- Support for hash and URL encoded certificate payloads has been implemented
|
- Support for "Hash and URL" encoded certificate payloads has been implemented
|
||||||
in the IKEv2 daemon charon. Using the "certuribase" option of a CA section
|
in the IKEv2 daemon charon. Using the "certuribase" option of a CA section
|
||||||
allows to assign a base URL to all certificates issued by the specified CA.
|
allows to assign a base URL to all certificates issued by the specified CA.
|
||||||
The final URL is then built by concatenating that base and the hex encoded
|
The final URL is then built by concatenating that base and the hex encoded
|
||||||
|
@ -15,11 +15,11 @@ strongswan-4.2.1
|
||||||
|
|
||||||
- The crypto factory in libstrongswan additionaly supports random number
|
- The crypto factory in libstrongswan additionaly supports random number
|
||||||
generators, plugins may provide other sources of randomness. The default
|
generators, plugins may provide other sources of randomness. The default
|
||||||
plugin reads random data from /dev/(u)random.
|
plugin reads raw random data from /dev/(u)random.
|
||||||
|
|
||||||
- Extended the credential framework by a caching option to allow plugins
|
- Extended the credential framework by a caching option to allow plugins
|
||||||
persistent caching of fetched credentials. The "cachecrl" option has been
|
persistent caching of fetched credentials. The "cachecrl" option has been
|
||||||
reeimplemented.
|
re-implemented.
|
||||||
|
|
||||||
- The new trustchain verification introduced in 4.2.0 has been parallelized.
|
- The new trustchain verification introduced in 4.2.0 has been parallelized.
|
||||||
Threads fetching CRL or OCSP information no longer block other threads.
|
Threads fetching CRL or OCSP information no longer block other threads.
|
||||||
|
@ -34,12 +34,12 @@ strongswan-4.2.1
|
||||||
the value "%poolname", where "poolname" identifies a pool provided by a
|
the value "%poolname", where "poolname" identifies a pool provided by a
|
||||||
separate plugin.
|
separate plugin.
|
||||||
|
|
||||||
- Fixed compilation on uClibc and a couple of minor bugs.
|
- Fixed compilation on uClibc and a couple of other minor bugs.
|
||||||
|
|
||||||
- set DPD defaults in ipsec starter to dpd_delay=30s and dpd_timeout=150s.
|
- Set DPD defaults in ipsec starter to dpd_delay=30s and dpd_timeout=150s.
|
||||||
|
|
||||||
- The IKEv1 pluto daemon now supports the ESP encryption algorithm CAMELLIA
|
- The IKEv1 pluto daemon now supports the ESP encryption algorithm CAMELLIA
|
||||||
with bit lengths of 128, 192, and 256 bits, as well as the authentication
|
with key lengths of 128, 192, and 256 bits, as well as the authentication
|
||||||
algorithm AES_XCBC_MAC. Configuration example: esp=camellia192-aesxcbc.
|
algorithm AES_XCBC_MAC. Configuration example: esp=camellia192-aesxcbc.
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue