8b55fc81ff
Changelog:
Add SHA256 support for server cert hashes.
Enable DHE ciphers for Cisco DTLS.
Increase initial oNCP configuration buffer size.
Reopen CONIN$ when stdin is redirected on Windows.
Improve support for point-to-point routing on Windows.
Check for non-resumed DTLS sessions which may indicate a MiTM attack.
Add TUNIDX environment variable on Windows.
Fix compatibility with Pulse Secure 8.2R5.
Fix IPv6 support in Solaris.
Support DTLS automatic negotiation.
Support --key-password for GnuTLS PKCS#11 PIN.
Support automatic DTLS MTU detection with OpenSSL.
Drop support for combined GnuTLS/OpenSSL build.
Update OpenSSL to allow TLSv1.2, improve compatibility options.
Remove --no-cert-check option. It was being (mis)used.
Fix OpenSSL support for PKCS#11 EC keys without public key.
Support for final OpenSSL 1.1 release.
Fix polling/retry on "tun" socket when buffers full.
Fix AnyConnect server-side MTU setting.
Fix ESP replay detection.
Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken).
Add certificate torture test suite.
Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL.
Fix integer overflow issues with ESP packet replay detection.
Add --pass-tos option as in OpenVPN.
Support rôle selection form in Juniper VPN.
Support DER-format certificates, add certificate format torture tests.
For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option.
Support Juniper "Pre Sign-in Message".
|
||
|---|---|---|
| .. | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||