Release Notes

Release v3.0

  • Post Quantum TLS and SSH (Hybrid PQC)

  • FIPS compliant cryptography used system wide

  • Improved AES-256 performance

  • Improved Web UI layout and Security (HTTPS cookies)

  • Software Update mechanism enhancements

  • Package version updates and bug fixes

  • OpenSSL version and patches for memory security

Bug Fixes:

  • REST API & Web UI bug fixes

Notes:

  • Requires fresh install (upgrade from previous versions is not supported)

Release v2.4

  • Confidential VM support for AMD SEV & SEV-SNP in AWS, Azure, and Google Cloud

  • Integrity Measurement Architecture (IMA) integrations and enhancements (improved intrusion prevention and detection)

  • SELinux policy enhancements (improved intrusion detection and prevention)

  • System report now includes IMA policy, IMA violations, and SELinux enforcement status

  • Audit Log now available over REST API and Web UI

  • Improved storage encryption for private keys, open CSRs, and certificates

  • TPM 2.0 support for disk encryption keys

  • Expanded test and validations on more VM sizes in AWS, Azure, and Google Cloud

Bug Fixes:

  • REST API & Web UI bug fixes, updates to support new features

  • Improved REST API certs/v2/tls/client-cert endpoints and certs/v2/tls/reload (the separate reload restarts the TLS web server and may close the current connection)

Release v2.3

  • Initial User Creation API updates to require Instance ID

  • Instance ID is known only to the VM instance owner, making the initial user creation process more secure.

Bug Fixes:

  • Web UI bug fixes, updates to support Instance ID for initial user creation

Release v2.2

AWS Support:

  • AWS is now a supported platform

  • Update kernel and drivers for AWS infrastructure

  • Terraform Modules released to support AWS SecureKey VPN deployment

Bug Fixes:

  • Web UI updates, enhancements, and bug fixes

Release v2.1

Post Quantum Support

  • Post-Quantum Safe ML-KEM (RFC 9370 and RFC 9242) support for IKEv2 Connections.
    • ML-KEM is used as a hybrid post-quantum-safe KEM (IKEv2 will always use the DH group in addition to an optional ML-KEM)

    • CNSA v2.0 allows MLKEM-1024 (Kyber1024) only - this is enforced by default and so only mlkem1024 is supported in SK-VPN

    • RFC allows selection of up to 7 additional KEMs

    • Configurable using REST API and Web UI

  • Post Quantum Preshared Key (PPK, RFC 8784) support for IKEv2 Connections. Configurable using REST API and Web UI.

  • Improved selection of DH Group, PRF, and other IKEv2 parameters in the Web UI.

Bug Fixes:

  • Fix ESN configuration for IKEv2 connections - added ESN selection to Web UI.

  • Numerous Web UI updates and enhancements.

Release v2.0

SecureKey Crypto Library v2.0 updates:

  • Improved AES throughput over SecureKey v1 (3X+ increase for small packets)

  • Added support for AES-256-CTR and AES-256-CBC modes

  • SecureKey OpenSSL Provider updates:

  • SecureKey provider protects Certificates, Private Keys and Secret data in memory for Authentication and Key Exchange

  • SecureKey provider protects AES keys in memory during encryption and decryption

  • FIPS Certification is in progress

  • SecureKey OpenSSL Provider used for Management Plane (SSH, HTTPS, and IKEv2)

  • Enforce strong algorithms/curves for SSH and HTTPS (AES-256, and CNSA v1.0 algorithms where available)

  • Multi-layer encryption for stored Private Keys using LUKS and Database encryption

  • Update SecureKey Logo and Web UI color scheme

  • Stateful Firewall improvements - added ACL session management

Bug Fixes:

  • Update COTS packages to latest versions

  • Bug fixes for the REST API and Web UI

Release v1.3

Google Cloud support.

Bug Fixes and improvements:

  • Support for Google Cloud (required drivers have been added)

  • Update data plane package versions

  • Bug fixes and new features for the Web UI

Release v1.2

Web User Interface improvements.

Bug Fixes and improvements:

  • Historical statistics endpoints return a 10 minute history

  • Fixes and new features for the Web UI

  • Interface, Firewall, IPsec, and drop counters for charts now use historical data

  • Changes to IPsec connection to allow editing existing connections

  • Update certificate details for all certificate types

  • Add Interface chart and Runtime statistics

  • Allow download of CSR PEM file data

  • Add support for Extended Sequence Numbers (ESNs)

  • Various API updates and bug fixes in support of the Web User Interface

  • Open Source package updates and bug fixes

Release v1.1

Web User Interface has been added to allow management and configuration of the SK-VPN using a web browser.

Bug Fixes and improvements.

  • Fix MAC/LAN address Role assignment - was failing if the initial LAN/WAN IP address was 10.X.0.X where X >= 10

  • REST API now allows LAN/WAN MAC assignment even if initial IPs are not valid or unassigned

  • ACL IP Rules now use an Integer for Protocol instead of string

New Features and REST API updates:

  • Expand Version reporting in sys/version

  • Expand system report in sys/system-report to report “build-type”

  • Web User Interface

  • Various API updates and bug fixes in support of the Web User Interface

Release v1.0

v1.0.1717174796

Initial Release of the SecureKey VPN. SecureKey Crypto library v1.0 is used to secure keys used by the data plane.