[Swan-dev] libreswan 3.28 unavailability in rhel repo

Spiros Ioannou sivann at inaccess.com
Wed Jun 5 14:08:04 UTC 2019

Hi Paul,
thank you for your actions. I feel I must warn you that as 3.28 changes
lots of defaults (e.g. SHA1 deprecation, IKEv2 by default, etc) most of our
2000+ tunnels went down after upgrading to 3.28, so we had to downgrade
again as most of the remote endpoints are not in our control, until we
figure out how to handle.
It should have been a major version change, or treat this change
differently as automatic security upgrades will give a big bad surprise in
most installations. I hope we are an exception.
Best Regards,

*Spiros Ioannou Technical Manager, IT/SMinAccesswww.inaccess.com
<http://www.inaccess.com>M: +30 6973-903808W: +30 210-6802-358*

On Wed, 5 Jun 2019 at 16:07, Paul Wouters <paul at nohats.ca> wrote:

> On Wed, 5 Jun 2019, Spiros Ioannou wrote:
> > Subject: [Swan-dev] libreswan 3.28 unavailability in rhel repo
> >
> > Hello, not sure where to post this,
> > https://download.libreswan.org/binaries/rhel/7/x86_64/ includes 3.28
> but the repo metadata seem not been updated so only 3.27 is
> > available.
> I have regenerated the repodata files. It might be an hour or so for all
> the mirrors to catch up on the new files.
> > As we have been hit by https://www.cvedetails.com/cve/CVE-2019-12312/ this
> was a big one for us, please address the 3.28 rpm
> > availability.
> Note you can still manually grab it:
> https://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-3.28-1.el7.x86_64.rpm
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20190605/8c09b07a/attachment.html>

More information about the Swan-dev mailing list