updated NEWS, TODO
This commit is contained in:
parent
73390cce24
commit
ed284399cd
10
NEWS
10
NEWS
|
@ -1,3 +1,13 @@
|
||||||
|
strongswan-4.1.1
|
||||||
|
----------------
|
||||||
|
|
||||||
|
- Server side cookie support. If to may IKE_SAs are in CONNECTING state,
|
||||||
|
cookies are enabled and protect against DoS attacks with faked source
|
||||||
|
addresses. Number of IKE_SAs in CONNECTING state is also limited per
|
||||||
|
peer address to avoid resource exhaustion. IKE_SA_INIT messages are
|
||||||
|
compared to properly detect retransmissions and incoming retransmits are
|
||||||
|
detected even if the IKE_SA is blocked (e.g. doing OCSP fetches).
|
||||||
|
|
||||||
strongswan-4.1.0
|
strongswan-4.1.0
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
|
|
11
TODO
11
TODO
|
@ -15,10 +15,11 @@ Roadmap 2007
|
||||||
!
|
!
|
||||||
Apr ! - PRF in CHILD_SA rekeying
|
Apr ! - PRF in CHILD_SA rekeying
|
||||||
! - configuration managament refactoring
|
! - configuration managament refactoring
|
||||||
! - interface in charon for the new SMP management interface
|
! - credentials backend redesign
|
||||||
|
! - interface in charon for the XML based SMP management interface
|
||||||
! - reimplement IKEv2 p2p NATT support
|
! - reimplement IKEv2 p2p NATT support
|
||||||
!
|
!
|
||||||
May ! - XML configuration interface
|
May ! - SMP configuration client
|
||||||
!
|
!
|
||||||
Jun ! - start with IKEv1 migration strategy
|
Jun ! - start with IKEv1 migration strategy
|
||||||
!
|
!
|
||||||
|
@ -47,11 +48,6 @@ Build system
|
||||||
- configure flag which allows to ommit vendor id in pluto
|
- configure flag which allows to ommit vendor id in pluto
|
||||||
- reduce printf handlers count to 10, as uClibc does not support more
|
- reduce printf handlers count to 10, as uClibc does not support more
|
||||||
|
|
||||||
Denail of service
|
|
||||||
-----------------
|
|
||||||
- Cookie support on server
|
|
||||||
- thread exhaustion (multiple messages to a single IKE_SA)
|
|
||||||
|
|
||||||
Certificate support
|
Certificate support
|
||||||
-------------------
|
-------------------
|
||||||
- New trustchain mechanism?
|
- New trustchain mechanism?
|
||||||
|
@ -70,3 +66,4 @@ Misc
|
||||||
----
|
----
|
||||||
- PFS support for creating/rekeying CHILD_SAs
|
- PFS support for creating/rekeying CHILD_SAs
|
||||||
- Address pool/backend for virtual IP assignement
|
- Address pool/backend for virtual IP assignement
|
||||||
|
- fix iterator->insert_before/after
|
||||||
|
|
Loading…
Reference in New Issue