Added
- Add Kyber1024 KEM algorithm into the Post-Quantum secure key exchange algorithm. This means the
Quantum-resistant-tunnels feature now mixes both Classic McEliece and Kyber for added protection.
- Add notification dot to tray icon and system notification throttling.
- Add troubleshooting information to some in-app notifications.
- Add setting for quantum resistant tunnels to the desktop GUI.
- Enable TCP_NODELAY for the socket used by WireGuard over TCP. Improves latency and performance.
Changed
- Update the Post-Quantum secure key exchange gRPC client to use the stabilized PskExchangeV1
endpoint.
- Add "auto" setting for the quantum-resistant tunnel feature, and make it the default. If it was
previously set to off, it will now be set to auto instead. That currently means the same thing as
"off", but this might change in the future.
- Update OpenVPN to 2.6.0 from 2.5.3.
- Update OpenSSL to 1.1.1t from 1.1.1j.
- Post-Quantum secure tunnels and multihop can now be used at the same time.
- Change WireGuard key rotation interval to 14 days. It was 7 days.
Windows
- Remove automatic fallback to wireguard-go. This is done as a first step before fully
deprecating it on Windows.
Removed
- Remove port 443 as valid port for WireGuard over TCP. Keep only port 80 and 5001. The reason is
to free up port 443 for other TCP based obfuscation later.
Fixed
- Fix close to expiry notification not showing unless app is opened once within the last three days
in the desktop app.
- Retry if PQ PSK negotiation fails for any reason.
- Fix accumulated tunnel state notifications sometimes displayed after suspend.