From: Martin Willi <martin@revosec.ch>
Date: Wed, 4 Feb 2015 10:47:56 +0000 (+0100)
Subject: NEWS: Introduce make-before-break reauthentication
X-Git-Tag: 5.3.0dr1~78^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a00f912ed2b9643fb6e792c612dfde30407052a;p=thirdparty%2Fstrongswan.git

NEWS: Introduce make-before-break reauthentication
---

diff --git a/NEWS b/NEWS
index 1bce48d695..976f34c181 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,12 @@
+- Added support for IKEv2 make-before-break reauthentication. By using a global
+  CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
+  This allows the use of make-before-break instead of the previously supported
+  break-before-make reauthentication, avoiding connectivity gaps during that
+  procedure. As the new mechanism may fail with peers not supporting it (such
+  as any previous strongSwan release) it must be explicitly enabled using
+  the charon.make_before_break strongswan.conf option.
+
+
 strongswan-5.2.2
 ----------------