v4.15 (April 15, 2024)
* Security: Fixes http://libreswan.org/security/CVE-2024-3652
* Linux: remove dependency on libxz via libsystemd [Tuomo, Andrew]
* IKEv1: set default proposals to ESP aes-sha1 and AH sha1 [Andrew]
* IKEv1: reject ESP proposal combining AEAD and non-empty INTEG [Andrew]
* IKEv1: reject exchange when connection has no proposals [Andrew]
* IKEv1: limit default cryptosuite [Andrew, Paul, Tuomo]
  IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512,HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31}
  ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256}
  AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128