Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Apr 2026 23:43:53 +0000
Message-ID:  <69e80bb9.3efbd.218fe279@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fb347f77757066e2bc0989fd66c8f02c9bf862d9

commit fb347f77757066e2bc0989fd66c8f02c9bf862d9
Author:     Mike Bressem <mike@bressem.com>
AuthorDate: 2026-04-21 23:32:52 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2026-04-21 23:32:52 +0000

    security/strongswan: Enable ML plugin by default to allow Post-Quantum Key Exchange Methods
    
    Currently ML-DSA (used for Digital Signatures) is a draft in strongswan
    (ETA Version 6.1.0 or later). So CNSA 2.0 cannot be fully supported yet.
    https://linux-ipsec.org/slides/2025/steffen-pqc-auth-for-ikev2.pdf
    But most firewalls (Palo Alto / Fortigate) already support ML-KEM Key
    Exchange in addition to standard proposals.
    E.g. aes128gcm16-ecp256-ke1_mlkem512.
    
    More details:
    https://docs.strongswan.org/docs/latest/config/proposals.html
    
    PR:             294305
    Approved by:    strongswan@Nanoteq.com (maintainer, timeout 2 weeks)
    Sponsored by:   UNIS Labs
---
 security/strongswan/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
index 32d8925fc022..7f0064b43fe1 100644
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	strongswan
 DISTVERSION=	6.0.5
+PORTREVISION=	1
 CATEGORIES=	security net-vpn
 MASTER_SITES=	https://download.strongswan.org/ \
 		https://download2.strongswan.org/
@@ -46,7 +47,7 @@ OPTIONS_DEFINE=			CTR CURL DHCP EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS \
 				PKCS11 PKI PYTHON SMP SQLITE STROKE SWANCTL \
 				TESTVECTOR TPM TSS2 UNBOUND UNITY VICI XAUTH
 OPTIONS_DEFINE_i386=	VIA
-OPTIONS_DEFAULT=		BUILTIN CURL GCM IKEV1 KDF PKI SWANCTL VICI
+OPTIONS_DEFAULT=		BUILTIN CURL GCM IKEV1 KDF ML PKI SWANCTL VICI
 OPTIONS_SINGLE=			PRINTF_HOOKS
 OPTIONS_SINGLE_PRINTF_HOOKS=	BUILTIN LIBC VSTR
 OPTIONS_SUB=			yes
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69e80bb9.3efbd.218fe279>