#1109942 strongswan-charon: upgrade to 6.0.1-6 causes "key derivation failed" error with older versions #1109942
- Package: strongswan-charon
- Source: strongswan-charon
- Description: strongSwan Internet Key Exchange daemon
- Submitter: Gabriel Filion
- Date: 2025-08-27 20:13:02 UTC
- Severity: normal
Hello! One of our servers got its strongswan-charon package upgraded from 6.0.1-5 to 6.0.1-6 last night. It has ipsec connections to another trixie machine that's still using 6.0.1-5 and to a bookworm machine that's using 5.9.8-5+deb12u1. No changes to the configuration happened for a while. Since the upgrade happened, the host with 6.0.1-6 can't establish a connection to the other two hosts anymore. If I start the connection manually I can see the following output (peer IP replaced by 1.2.3.4; local IP replaced by 1.2.1.2):

    ipsec up connection-name
    initiating IKE_SA connection-name[6] to 1.2.3.4
    generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    sending packet: from 1.2.1.2[500] to 1.2.3.4[500] (972 bytes)
    received packet: from 1.2.3.4[500] to 1.2.1.2[500] (280 bytes)
    parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
    selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
    KDF_PRF with PRF_HMAC_SHA2_256 not supported
    key derivation failed
    establishing connection 'connection-name' failed

Is this an expected compatibility break or is that an unexpected regression?
Very weird... Downgrading to 6.0.1-5 did not fix the issue. I've compared the configuration files with the other servers and I'm not seeing any difference. So I don't actually have a good understanding of what happened on the host that got the upgrade to 6.0.1-6 this morning :\
Hi Gabriel,

If you have OpenSSL 3.5.1 installed, then this is unfortunately expected. It requires the patches at [1] and [2], which were released with 6.0.2.

Regards,
Tobias

[1] https://github.com/strongswan/strongswan/commit/2dbeecfc029ba26647c756b0882bc6e85e2e6b64
[2] https://github.com/strongswan/strongswan/commit/43b805b2daed48bdf835ca8eeb87b9b71a42781f
We ended up figuring out that the problem was on our side. I'm not sure what actually caused this situation, but a reboot fixed the problem. So there was actually no issue with the contents of the strongswan package. Sorry for the noise!
FTR, the workaround is to install the libstrongswan-extra-plugins package, including the kdf plugin.

Regards,
Harri
Dear Maintainers,

It might be a good idea to apply these two patches to 6.0.1 in trixie, in order to avoid everybody having to install libstrongswan-extra-plugins just for the kdf plugin. Also, the problem could technically occur on bookworm as well, as the OpenSSL guys have backported their "fix" to 3.0.17 for some reason. The difference there is that the kdf plugin is installed by default via the libstrongswan package, while the openssl plugin is shipped separately in libstrongswan-standard-plugins. So it will only be a problem if the kdf plugin is explicitly disabled in the config.

Regards,
Tobias
Thanks for the heads-up, Tobias. I'll try to prepare updated packages for Trixie in the following weeks.

Regards,
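As an added illustration, not code from the bug report or from strongSwan itself: the IKEv2 key derivation steps (RFC 7296 sections 2.13 and 2.14) that the failing log line refers to, written in Python for the PRF_HMAC_SHA2_256 of the selected proposal quoted in the report. The plain prf and the prf+ expansion are the operations the daemon needs a KDF implementation for, whether from the openssl plugin or from the software kdf plugin named as the workaround. Nonces, SPIs and the shared secret are constructed sample values, and the key sizes are assumed from the proposal's algorithms.

```python
import hashlib
import hmac

# Key sizes for the proposal selected in the report above:
# IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
PRF_KEY_LEN = 32    # PRF_HMAC_SHA2_256 key length, used for SK_d, SK_pi, SK_pr
INTEG_KEY_LEN = 32  # HMAC_SHA2_256_128 key length, used for SK_ai, SK_ar
ENCR_KEY_LEN = 16   # AES_CBC_128 key length, used for SK_ei, SK_er

def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256: the plain IKEv2 prf."""
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 section 2.13 prf+: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:  # the counter is a single octet
            raise ValueError("prf+ output is limited to 255 blocks")
        prev = prf(key, prev + seed + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]

def derive_ike_keys(shared_secret, nonce_i, nonce_r, spi_i, spi_r):
    """RFC 7296 section 2.14: SKEYSEED = prf(Ni|Nr, g^ir), then
    SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)."""
    skeyseed = prf(nonce_i + nonce_r, shared_secret)
    layout = [("SK_d", PRF_KEY_LEN), ("SK_ai", INTEG_KEY_LEN), ("SK_ar", INTEG_KEY_LEN),
              ("SK_ei", ENCR_KEY_LEN), ("SK_er", ENCR_KEY_LEN),
              ("SK_pi", PRF_KEY_LEN), ("SK_pr", PRF_KEY_LEN)]
    total = sum(size for _, size in layout)  # 192 bytes for this proposal
    keymat = prf_plus(skeyseed, nonce_i + nonce_r + spi_i + spi_r, total)
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = keymat[pos:pos + size]
        pos += size
    return keys

def sample_ike_sa():
    """Constructed sample inputs (hypothetical, not captured from a real exchange)."""
    shared_secret = bytes(range(32))  # stands in for the ECP_256 shared secret g^ir
    nonce_i, nonce_r = b"\x11" * 32, b"\x22" * 32
    spi_i, spi_r = b"\x01" * 8, b"\x02" * 8
    return derive_ike_keys(shared_secret, nonce_i, nonce_r, spi_i, spi_r)

if __name__ == "__main__":
    for name, value in sample_ike_sa().items():
        print(f"{name}: {len(value)} bytes {value.hex()}")
```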
We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1109942@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated strongswan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 Aug 2025 10:45:05 +0200
Source: strongswan
Architecture: source
Version: 6.0.2-1
Distribution: unstable
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Closes: 1109942
Changes:
strongswan (6.0.2-1) unstable; urgency=medium
.
* New upstream version 6.0.2
- Fix support with OpenSSL 3.5.1+ (Closes: #1109942)
* install iptfs configuration in libstrongswan
* d/copyright updated with decopy
We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1109942@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated strongswan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 Aug 2025 09:58:42 +0200
Source: strongswan
Architecture: source
Version: 6.0.1-6+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Closes: 1109942
Changes:
strongswan (6.0.1-6+deb13u1) trixie; urgency=medium
.
* d/patches: add patches to fix OpenSSL 3.5.1 support (Closes: #1109942)