[Swan] [Swan-announce] libreswan-4.8 released, maintenance release

The Libreswan Team team at libreswan.org
Mon Oct 3 22:07:37 EEST 2022

The Libreswan Project has released libreswan 4.8

This release adds support for ipsec-max-bytes= and
ipsec-max-packets=, and adds raw (non-certificate)
ECDSA support using leftpubkey= and rightpubkey=

This latest version of libreswan can be downloaded from:


The full changelog is available at: https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailinglists or at our github
bug tracker:


Binary packages for RHEL/CentOS can be found at:

Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.

See also https://libreswan.org/

v4.8 (October 2, 2022)
* release: remove SHA1 bindings from LIBRESWAN OpenPGP key [dkg/Paul]
* pluto: ignore obsoleted unused interfaces= / --iface [Paul/Andrew]
* pluto: various internal crypto struct changes [Andrew]
* pluto: fix traffic counters for AH and IPCOMP [Andrew]
* pluto: improve logging of duplicate serial cert error [Andrew]
* pluto: support for maxbytes/maxpacket counters [Antony/Paul]
* pluto: handle HW tokens using strange CKAIDs; github/815 [Andrew]
* pluto: added --ipsec-max-bytes / --ipsec-max-packets support [Antony]
* libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options [Paul]
* IKEv2: emit one CERTREQ payload with all the hashes [Andrew]
* addconn/whack: add support for {left,right}pubkey= [Andrew]
* showhostkey: add support for ECDSA pubkeys [Andrew]
* Crypto: add KDF self tests [Daiki Ueno]
* IPv6: open IPv6 IKE port 4500; github/800 [Andrew]
* showhostkey: add --pem option to print PEM encoded public key [Andrew]
* unbound: _unbound-hook converted from python to shell [Andrew]
* BSD: delete old BSDKAME code replaced by PFKEYV2 code [Andrew]
* BSD: fix replay window byte vs bit math [Andrew]
* BSD: fix code finding interfaces; github/728 [Andrew]
* FreeBSD: support large replay window; github/756 [Andrew]
* FreeBSD: support ESN; github/721 [Andrew]
* linux: update copy of xfrm.h header [Paul]
* packaging: update fedora spec file [Paul/Tuomo]
* building: on BSD, always use GCC; freebsd/264288 llvm/55963 [Andrew]
* building: enable LTO when USE_LTO=true; github/836 github/834 [Andrew]
* building: dropped default build and packaging support for:
   	    Fedora 22, 28, 29, 30
             Debian stretch
             Ubuntu cosmic, xenial
             RHEL6 was removed in v4.5
             Add SUSE, Arch, Mint

Swan-announce mailing list
Swan-announce at lists.libreswan.org

More information about the Swan mailing list