===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/70.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- www/70.html 2021/10/02 12:25:48 1.19
+++ www/70.html 2021/10/02 12:26:38 1.20
@@ -272,7 +272,14 @@
IPSEC support in the kernel and the iked(8) userland daemon:
- - ...
+
- Zeroed out potential passwords when freeing memory or handling parsing errors in iked(8).
+
- Added client-side support for DNS configuration to iked(8).
+
- Increased iked(8) default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
+
- Fixed races which were slowing ipsec(4) throughput.
+
- Fixed an iked(8) bug where no flows are added if a single address is configured in the config address instead of a pool.
+
- Fixed a problem in iked(8) where no flows are loaded when a single config address without pool is configured.
+
- Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to iked(8) as sntrup761x25519.
+
- Fixed IPsec(4) NAT-T to work with pipex(4).
The httpd(8) webserver saw numerous improvements: