NEWS: Introduce make-before-break reauthentication
authorMartin Willi <martin@revosec.ch>
Wed, 4 Feb 2015 10:47:56 +0000 (11:47 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 12:34:58 +0000 (13:34 +0100)
NEWS

diff --git a/NEWS b/NEWS
index 1bce48d..976f34c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,12 @@
+- Added support for IKEv2 make-before-break reauthentication. By using a global
+  CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
+  This allows the use of make-before-break instead of the previously supported
+  break-before-make reauthentication, avoiding connectivity gaps during that
+  procedure. As the new mechanism may fail with peers not supporting it (such
+  as any previous strongSwan release) it must be explicitly enabled using
+  the charon.make_before_break strongswan.conf option.
+
+
 strongswan-5.2.2
 ----------------