What’s New in strongSwan 6.0

Plugins

New Plugins

The following new libstrongswan plugins have been added:

| Plugin Name | Description |
|---|---|
| frodo | FrodoKEM post quantum safe key exchange method |
| oqs | Open quantum safe plugin based on the liboqs library |

Removed Plugins

The following deprecated libstrongswan plugins have been removed:

| Plugin Name | Description |
|---|---|
| bliss | Bimodal Lattice Signature Scheme (BLISS) post-quantum computer signature scheme |
| newhope | Key exchange based on post-quantum computer New Hope algorithm |
| ntru | Key exchange based on post-quantum computer NTRU encryption |

Default Plugins

The powerful openssl crypto plugin is now enabled by default:

| Plugin Name | Description |
|---|---|
| openssl | Crypto backend based on the OpenSSL library |

Due to the nearly all-encompassing capabilities of the openssl default crypto plugin, the following libstrongswan plugins are not enabled by default anymore:

| Plugin Name | Description |
|---|---|
| aes | AES-128/192/256 cipher software implementation |
| curve25519 | X25519 DH group and Ed25519 public key authentication |
| des | DES/3DES cipher software implementation |
| fips-prf | PRF specified by FIPS, used by EAP-SIM/AKA algorithms |
| gmp | RSA/DH crypto backend based on libgmp |
| hmac | HMAC wrapper using various hashers |
| md5 | MD5 hasher software implementation |
| pkcs12 | PKCS#12 decoding routines |
| rc2 | RC2 cipher software implementation |
| sha1 | SHA1 hasher software implementation |
| sha2 | SHA-2 hasher software implementation |

The legacy stroke management interface has been deprecated for many years and has been replaced by the versatile vici management interface. Thus with strongSwan 6.0, the stroke plugin is not enabled by default anymore and has to be built separately.

| Plugin Name | Description |
|---|---|
| stroke | Deprecated stroke configuration/control backend used with ipsec script and starter |

Thus the following 25 plugins are now enabled by default.

Configuration Options

The following two strongswan.conf configuration options are now enabled by default:

| Key | Default | Description |
|---|---|---|
| make_before_break | yes | Initiate IKEv2 reauthentication with a make-before-break instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD SA during reauthentication by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps during reauthentication, but requires support for overlapping SAs by the peer. strongSwan can handle such overlapping SAs since version 5.3.0. |
| rsa_pss | yes | Use RSA with PSS padding by default. Revert to legacy PKCS#1 padding by setting the option to no. |

Thus the following pki subcommands now use RSA-PSS signatures by default:

pki --acert

pki --issue

pki --self

pki --req

pki --scep

pki --signcrl

Use the command line option --rsa-padding pkcs1 for legacy PKCS#1 padding.
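
A check that can be run over an existing strongswan.conf before upgrading, written as an added example (not strongSwan's own code): it flags references to the plugins listed above as removed or no longer enabled by default, and explicit settings that turn off the two options now enabled by default. The function names, finding labels and sample configuration are constructed for illustration, and the parser covers only the basic `section { key = value }` syntax.

```python
import re

REMOVED = {"bliss", "newhope", "ntru"}  # removed in 6.0 (per the page)
NOT_DEFAULT = {"aes", "curve25519", "des", "fips-prf", "gmp", "hmac", "md5",
               "pkcs12", "rc2", "sha1", "sha2", "stroke"}  # no longer enabled by default
KIND = {**dict.fromkeys(REMOVED, "removed-plugin"),
        **dict.fromkeys(NOT_DEFAULT, "not-default-plugin")}
NEW_DEFAULT_ON = {"make_before_break", "rsa_pss"}  # now "yes" unless overridden
TRUTHY = {"yes", "true", "enabled", "1"}           # boolean spellings meaning "on"
TOKEN = re.compile(r"[{}]|[^\s{}=]+\s*=[^\n{}]*|[^\s{}=]+")

def parse(text):
    """Yield (path, key, value); key is None when a section is opened."""
    path, name = [], None
    for tok in TOKEN.findall(re.sub(r"#.*", "", text)):  # drop comments first
        if tok == "{":
            path.append(name)
            yield tuple(path), None, None
        elif tok == "}":
            del path[-1:]  # tolerate an unbalanced closing brace
        elif "=" in tok:
            key, value = (part.strip() for part in tok.split("=", 1))
            yield tuple(path), key, value.strip('"')
        else:
            name = tok  # section name; the following "{" opens it

def audit(text):
    """Return sorted (kind, detail) findings for strongswan.conf text."""
    found = set()
    for path, key, value in parse(text):
        in_plugin = len(path) >= 2 and path[-2] == "plugins"
        names = []
        if key is None and in_plugin:
            names = [path[-1]]  # plugins { <name> { ... } }
        elif key == "load" and not in_plugin:
            names = [n.rstrip("!") for n in value.split()]  # explicit load list
        elif key in NEW_DEFAULT_ON and value.lower() not in TRUTHY:
            found.add(("overrides-default", f"{key} = {value}"))
        found.update((KIND[n], n) for n in names if n in KIND)
    return sorted(found)

SAMPLE = """charon {  # constructed sample configuration, not a real deployment
    load = aes sha2 hmac gmp ntru openssl   # explicit plugin list
    make_before_break = no
    rsa_pss = no
    plugins { bliss { load = yes } stroke { load = yes } }
}"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A `removed-plugin` finding means the referenced plugin no longer exists in 6.0; a `not-default-plugin` finding means the build must enable that plugin explicitly or the configuration must move to openssl.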