You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763
* IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31)
* FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul]
* FIPS: Minimum RSA key size is 2048, not 3072 [Paul]
* FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul]
* IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul]
* IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul]
* libipsecconf: support old-style ",," to mean "\," in specifying id [Paul]
* libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul]
* whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul]
* Fix left=%iface syntax due to string length miscalculation [Antony]
* X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul]
* packaging: debian fixes [Antony]
* building: USE_NSS_KDF=true now uses NSS for all KDF functions
Using this option, libreswan no longer needs FIPS certification