FreeSWAN Release 1.93 ships!

Lucky Green shamrock at cypherpunks.to
Sun Dec 9 19:32:34 PST 2001


The big question is: will FreeS/WAN's latest release, after some 4 or 5
years of development, finally both compile and install cleanly on current
versions of Red Hat Linux, FreeS/WAN's purported target platform?

--Lucky, who is bothered by the fact that most of his Linux-using friends
so far have been unable to get FreeS/WAN to even compile into a working
kernel, while just about every *BSD distribution - and for that matter
Windows XP - ships with a working IPSec implementation out-of-the-box.

> -----Original Message-----
> From: owner-cypherpunks at lne.com 
> [mailto:owner-cypherpunks at lne.com] On Behalf Of Bill Stewart
> Sent: Thursday, December 06, 2001 2:05 AM
> To: cypherpunks at lne.com
> Cc: cryptography at wasabisystems.com
> Subject: FreeSWAN Release 1.93 ships!
> 
> 
>  From Claudia Schmeing <claudia at freeswan.org>'s summary:
>   <http://lists.freeswan.org/pipermail/briefs/>
> =========
> 
> 1.  Release 1.93 ships!
>      ===================
>      1 post Dec 3
>      
> http://lists.freeswan.org/pipermail/users/2001-December/005632.html

A number of small improvements have been added to this release, which
was shipped on-time.

Some highlights:

* Diffie-Hellman group 5 is now the first group proposed.
* Two cases where fragmentation is needed will be handled better, thanks
   to these two changes

        The code that decides whether to send an ICMP complaint back about
        a packet which had to be fragmented, but couldn't be, has gotten
        smart enough that we now feel comfortable enabling it by default.
   and

        IKE (UDP/500) packets which were large enough to be fragmented used
        to be mishandled, with some of the fragments failing to bypass IPsec
        tunnels properly.  This has been fixed; our thanks to Hans Schultz.

* If Pluto gets more than one RSA key from DNS, it will now try each key.
   This will help when a system administrator replaces a key.
* There is preliminary support for building RPMs.
* SMP support is better.
* The team has eliminated a vulnerability that might permit a denial of service
   attack.

What can we expect from the next release? Henry Spencer writes:

     We are in the process of chasing down a couple of significant bugs (which
     have been there since at least 1.92 and possibly earlier), and we *might*
     ship another release quite shortly if we nail them down and fix them.  If
     we don't, we won't.  Barring that possibility, the next release is planned
     for the end of January; a more precise date will be announced shortly.



