New features and enhancements in SNS 4.3.31 LTSB

Certificates and PKI

Firewalls now check whether the certificate associated with a CRL is indeed authorized to sign CRLs (presence of the "crlSign” keyUsage value).

Encryption

Enhancements have been applied to the cryptographic function verification binary file (cryptotest). When this utility is run in verbose mode, it now includes a verification of the TPM, if the firewall has one. In the resulting verbose file, the utility shows the name of the user who launched the verification.

Several error messages have also been reworded for clarity.

IPsec VPN

Phase 1 of an IPsec tunnel is now automatically deleted when the only associated phase 2 has been deleted following an idle timeout.