updated NEWS, TODO
This commit is contained in:
parent
73390cce24
commit
ed284399cd
10
NEWS
10
NEWS
|
@ -1,3 +1,13 @@
|
|||
strongswan-4.1.1
|
||||
----------------
|
||||
|
||||
- Server side cookie support. If to may IKE_SAs are in CONNECTING state,
|
||||
cookies are enabled and protect against DoS attacks with faked source
|
||||
addresses. Number of IKE_SAs in CONNECTING state is also limited per
|
||||
peer address to avoid resource exhaustion. IKE_SA_INIT messages are
|
||||
compared to properly detect retransmissions and incoming retransmits are
|
||||
detected even if the IKE_SA is blocked (e.g. doing OCSP fetches).
|
||||
|
||||
strongswan-4.1.0
|
||||
----------------
|
||||
|
||||
|
|
11
TODO
11
TODO
|
@ -15,10 +15,11 @@ Roadmap 2007
|
|||
!
|
||||
Apr ! - PRF in CHILD_SA rekeying
|
||||
! - configuration managament refactoring
|
||||
! - interface in charon for the new SMP management interface
|
||||
! - credentials backend redesign
|
||||
! - interface in charon for the XML based SMP management interface
|
||||
! - reimplement IKEv2 p2p NATT support
|
||||
!
|
||||
May ! - XML configuration interface
|
||||
May ! - SMP configuration client
|
||||
!
|
||||
Jun ! - start with IKEv1 migration strategy
|
||||
!
|
||||
|
@ -47,11 +48,6 @@ Build system
|
|||
- configure flag which allows to ommit vendor id in pluto
|
||||
- reduce printf handlers count to 10, as uClibc does not support more
|
||||
|
||||
Denail of service
|
||||
-----------------
|
||||
- Cookie support on server
|
||||
- thread exhaustion (multiple messages to a single IKE_SA)
|
||||
|
||||
Certificate support
|
||||
-------------------
|
||||
- New trustchain mechanism?
|
||||
|
@ -70,3 +66,4 @@ Misc
|
|||
----
|
||||
- PFS support for creating/rekeying CHILD_SAs
|
||||
- Address pool/backend for virtual IP assignement
|
||||
- fix iterator->insert_before/after
|
||||
|
|
Loading…
Reference in New Issue