reopen 1109942 affects 1110055 strongswan-charon thanks On Mon, Jul 28, 2025 at 05:30:00PM -0500, Marc Clemente wrote: > Upgrading libssl3t64 from 3.5.0-2 to 3.5.1-1 breaks strongswan (6.0.1-6). > This is reproduced on armel and armhf architectures. I was unable to > reproduce it on amd64. > > root@raspberry:~# dpkg -l | grep libssl3t64 > ii libssl3t64:armhf 3.5.1-1 armhf > Secure Sockets Layer toolkit - shared libraries > root@raspberry:~# swanctl -i -c chronos [..] > [IKE] local host is behind NAT, sending keep alives > [IKE] KDF_PRF with PRF_HMAC_SHA2_256 not supported > [IKE] key derivation failed > initiate failed: establishing CHILD_SA 'chronos' failed
This is probably #1109942, which was closed, but has relevant info. Maybe you can take a look at that too. Chris
