FreeSWAN Release 1.93 ships!

Lucky Green shamrock at
Sun Dec 9 22:32:34 EST 2001

The big question is: will FreeS/WAN latest release after some 4 or 5
years of development finally both compile and install cleanly on current
versions of Red Hat Linux, FreeS/WAN's purported target platform?

--Lucky, who is bothered by the fact that most his Linux using friends
so far have been unable to get FreeS/WAN to even compile into a working
kernel, while just about every *BSD distribution - and for that matter
Windows XP - ship with a working IPSec implementation out-of-the-box.

> -----Original Message-----
> From: owner-cypherpunks at 
> [mailto:owner-cypherpunks at] On Behalf Of Bill Stewart
> Sent: Thursday, December 06, 2001 2:05 AM
> To: cypherpunks at
> Cc: cryptography at
> Subject: FreeSWAN Release 1.93 ships!
>  From Claudia Schmeing <claudia at>'s summary:
>   <>
> =========
> 1.  Release 1.93 ships!
>      ===================
>      1 post Dec 3

A number of small improvements have been added to this release, which
was shipped on-time.

Some highlights:

* Diffie-Hellman group 5 is now the first group proposed.
* Two cases where fragmentation is needed will be handled better, thanks
   to these two changes

        The code that decides whether to send an ICMP complaint back
        a packet which had to be fragmented, but couldn't be, has gotten
        smart enough that we now feel comfortable enabling it by

        IKE (UDP/500) packets which were large enough to be fragmented
        to be mishandled, with some of the fragments failing to bypass
        tunnels properly.  This has been fixed; our thanks to Hans

* If Pluto gets more than one RSA key from DNS, it will now try each
   This will help when a system administrator replaces a key.
* There is preliminary support for building RPMs.
* SMP support is better.
* The team has eliminated a vulnerability that might permit a denial of 

What can we expect from the next release? Henry Spencer writes:

     We are in the process of chasing down a couple of significant bugs
     have been there since at least 1.92 and possibly earlier), and we
     ship another release quite shortly if we nail them down and fix
them.  If
     we don't, we won't.  Barring that possibility, the next release is
     for the end of January; a more precise date will be announced

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list