Features

• Zorp now supports the latest version (1.3) of Transport Layer Security (TLS) protocol both on client and server side of Zorp. TLS 1.3 support is disabled in EncryptionPolicy classes by default so it should be explicitely enabled in existing configurations.

Fixes

Critical

• Fixed an SNAT issue in Zorp kernel module kZorp, caused that a traffic which source address was translated (SNAT) by Service was translated again if there was a rule which was matched to the traffic translated by the Service and its service is a PFService where use client address as source parameter is set.
• Fixed a permission handling problem in Zorp Munin plugins which caused the RSS/VSZ memory usage of Zorp instances not being displayed.
• Fixed a significant memory leak in certificate chain building (10-100 MB per day), both in TLS offloading and interception scenarios.

Moderate

• Fixed kZorp daemon and systemd integration. Earlier kZorp might not responde to systemd if there were no hostname based Zones in the configuration. It resulted in the kZorp daemon being terminated by systemd.