7.0.8865 #

(build 8865 from 2024-04-08)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• SCP: Added workaround for SCP in Cisco SSH server that interprets target directory as file name.
• SCP: Fixed handling of paths starting with "~/".
• File System: Improved reporting of some I/O errors in virtual file systems.
• SSH: SshPublicKey.LoadPublicKeys reads comments and does not fail on empty files.
• TLS Core: Added option to disable ClientHello padding. Added option to enable legacy SCSV mode.
• TLS Core: Fixed potential repeated clean-up of TLS extensions that might cause strange exceptions in the following TLS connection.
• Cryptography: Added support for loading private keys in new OpenSSH key format encrypted using AES/GCM or ChaCha20/Poly1305.

7.0.8816 #

(build 8816 from 2024-02-19)

SSH enhancements

Client-side SSH now supports a combination of password and keyboard-interactive authentication and contains other improvements as well. For example, Session.Cipher.StrictKeyExchange property on Sftp or Ssh objects can be used to determine whether strict SSH key exchange (mitigating the 'Terrapin' weakness) has been used.

SSH tunneling fixes

We fixed an issue in SSH tunneling that could cause individual tunnels to get stuck after SSH renegotiation.

R6.15 available as well

For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.15 update with all the important fixes. Version R6.x will be supported until November 2024.

Detailed list of changes:

• SFTP: Added workaround for FileZilla Server Pro Enterprise which crashes its SSH session if it receives SFTP read request for 65493 bytes or more.
• File Server: Added logging of SSH ciphers supported by the client on mismatch.
• File Server: Fixed handling of client's SSH_MSG_EXT_INFO.
• File System: Added an instructional exception message when VFS node name contains prohibited characters.
• File System: Fixed unexpected exception propagation in directory creation.
• SSH Shell: Fixed an issue in SSH tunneling that could cause tunnels to get stuck.
• SSH Shell: Fixed an issue that could cause a tunnel to stop processing data after an SSH renegotiation.
• Terminal: Fixed possible 'Object is currently in use elsewhere' error when multiple instances of TerminalControl are used.
• SSH: Added SshCipher.StrictKeyExchange and SshServerInfo.​SupportsStrictKeyExchange properties.
• SSH: Added SshPrivateKey.​CreateFrom(PrivateKeyInfo) method.
• SSH: Added support for a combination of password and keyboard-interactive authentication.
• SSH: Improved SSH session and channel lifecycle logging.
• SSH: Using lower local SSH channel numbers for better log readability.
• TLS Core: Fixed invalid TLS 1.3 behavior for rare Poll/Receive call sequence on TlsSocket.
• TLS Core: Fixed possible deadlock in Receive or Poll methods when additional incomplete packet is received after close_notify in TLS 1.2 or earlier.
• Cryptography: Added low-level API for loading/saving PrivateKeyInfo with byte[] passwords.
• Cryptography: Added ObjectIdentifier.Encode method.
• Cryptography: Added support for loading PKCS #8 private keys with legacy RC4 algorithm.
• Cryptography: Added UseDer property to SignedData and EnvelopedData classes.
• Cryptography: PrivateKeyInfo.Save now uses SHA-2 instead of SHA-1 in PKCS #8 format with PBKDF2 derivation.
• Cryptography: Reduced memory footprint of CNG API interop layer.

7.0.8755 #

(build 8755 from 2023-12-20)

Strict key exchange in SSH

Rebex SSH library now implements OpenSSH's strict KEX protocol extension that addresses a weakness in the SSH protocol that makes some OpenSSH ciphers vulnerable to Terrapin attack (CVE-2023-48795).

The attack is only possible when one of the following OpenSSH ciphers is in use:

• chacha20-poly1305@openssh.com
• hmac-sha2-256-etm@openssh.com
• hmac-sha2-512-etm@openssh.com

Fortunately, in practice, the actual impact of the weakness on most SSH implementation seems to be negligible. No version of Rebex SSH relies on RFC 8308 extension negotiation mechanism yet, so this weakness can only be used by an attacker to disrupt authentication, causing the SSH session to fail.

Strict key exchange extension is enabled by default. It can be disabled using Settings.SshParameters.UseStrictKeyExchange option. Please note that this extension only resolves the weakness if both the client and server SSH implementation support it. When connecting a vulnerable client to an updated server (or vice versa), Terrapin attack is still possible.

Improved Native AOT compatibility

This update improves compatibility with .NET 8's Native AOT deployment model, which makes it possible to compile applications to native code ahead-of-time (AOT). Most common features should already work in Native AOT mode.

Detailed list of changes:

• All: Improved compatibility with Native AOT in .NET 8.
• SFTP: Added Sftp.ResolvePath(string path) method.
• SFTP: Fixed 'not authenticated' instead of 'not connected' error message.
• File Server: Added support for strict key exchange extension (thwarts the so-called 'Terrapin attack').
• File Server: Allowed dates outside 1970-2999 range in SFTP v4 (or higher).
• SSH: Added support for PKCS #8 format to SshPublicKey constructor.
• SSH: Added support for strict key exchange extension (thwarts the so-called 'Terrapin attack').
• Common: Optimized memory usage of miscellaneous methods.

7.0.8720 #

(build 8720 from 2023-11-15)

Support for .NET 8!

This release adds a new set of binaries targeting .NET 8. It supports all .NET 8 platforms:

• Windows (x64, x86, ARM64)
• Linux (x64, ARM32, ARM64)
• macOS (x64)
• Android
• iOS/tvOS

Detailed list of changes:

• All: Added a new set of binaries targeting .NET 8.0.
• SFTP: Increased range for SftpAttributes dates and fixed the error message.
• SSH: Added SshParameters.ChannelCloseTimeout property.
• Cryptography: Fixed behavior of certificate issuer API when no CRLs have been specified.

7.0.8657 #

(build 8657 from 2023-09-13)

Maintenance release

This is a maintenance release that fixes minor issues.

Detailed list of changes:

• Networking: Fixed handling of IPv6 addresses in square brackets.
• SSH: Fixed behavior of Certificate flag in SshParameters.HostKeyAlgorithms.

7.0.8581 #

(build 8581 from 2023-06-29)

First 7.0.* release!

This is the first release of 7.0.* series. It no longer uses the 'Rx.y' naming scheme, which was somewhat confusing.

The R6.x series will be supported until November 2024 and will receive fixes and security updates.

SSH agent support

OpenSSH Agent and PuTTY Pageant are now supported for SSH and SFTP client authentication. Use the Login method overload with SshAuthenticationAgent argument.

Support for secp256k1 curve in SSH

Rebex SSH client and server libraries now support ECDH and ECDSA ciphers with secp256k1 curve (ecdh-sha2-1.3.132.0.10 and ecdsa-sha2-1.3.132.0.10).

Support for Telnet Environment Option

Added support for Telnet Environment Option (RFC 1572).

AesGcm and ChaChaPoly1305 moved to Rebex.Security

AesGcm and ChaChaPoly1305 classes were moved from Rebex.Common assembly to Rebex.Security. If you are using these classes and don't have a Rebex Total Pack or Rebex Security license, please let us know.

Support for Ed25519 certificates in TLS 1.2

X.509 certificates based on Ed25519 asymmetric algorithm are now supported with TLS 1.2 as well. Previously, they were only supported with TLS 1.3.

Support for modular Diffie-Hellman (FFDHE) in TLS 1.3

Although TLS 1.3 is usually used with Elliptic Curve Diffie-Hellman, it supports classic Diffie-Hellman as well.

Lot of TLS improvements

This release brings lot of small improvements in TLS that aims to make our TLS library up-to-date and as compatible as possible. Check out the release notes below for details.

Detailed list of changes:

• SFTP: Enabled Settings.GetFileOpenRemoteFirst option by default.
• File Server: Added custom Context property to ConnectingEventArgs, PreAuthenticationEventArgs and AuthenticationEventArgs.
• File Server: Added FileServer.​Settings.​MaxAuthenticationDuration option.
• File Server: Changed default shell character encoding to UTF-8.
• File Server: Improved client public key authentication process.
• File Server: Optimized 'Move' operation in LocalFileSystemProvider.
• File System: Added 'NodePath.IsBackslashInFileNameAllowed' property. Setting it to true allows '\' character in VFS node name.
• SSH Shell: Changed default shell character encoding to UTF-8.
• Telnet: Added support for Telnet Environment Option (RFC 1572).
• Networking: Added SslSettings.SslRenegotiationMode option.
• Networking: No longer sending default domain in SSPI requests by defalt. Added SslSettings.UseDefaultDomain property.
• SSH: Added SshPublicKey.Parse method and a new overload for SshPublicKey.LoadPublicKeys.
• SSH: Added support for ECDH and ECDSA with secp256k1 curve ('ecdh-sha2-1.3.132.0.10' and 'ecdsa-sha2-1.3.132.0.10').
• SSH: Added support for SSH agents (OpenSSH agent and Pageant).
• SSH: Preferring ChaCha20/Poly1305 on platforms with HW intrinsics support.
• TLS Core: Added public API for TLS 1.3 and TLS 1.2 signature algorithms.
• TLS Core: Added public API for TLS 1.3 named groups and pre-shared key exchange modes configuration.
• TLS Core: Added support for Ed25519 in TLS 1.2 (already supported in TLS 1.3).
• TLS Core: Added support for modular Diffie-Hellman (FFDHE) in TLS 1.3.
• TLS Core: ClientHello is padded to 512 bytes to work around strange bugs in the erroneous TLS implementation on some servers.
• TLS Core: Disable client-initiated TLS renegotiation by default.
• TLS Core: Enabled ChaCha20/Poly1305 ciphers by default on .NET Core 3.1 / .NET 5 or higher.
• TLS Core: Changed the default order of cipher suites in ClientHello to more closely align with the best practices of the industry.
• TLS Core: In TLS 1.2, support for Renegotiation Indication Extension is annonced using renegotiation_info extension.
• TLS Core: The default selection of TLS 1.2 elliptic curves has been altered to more closely align with the best practices of the industry.
• TLS Core: TlsServerSocket now honors TlsOptions.DoNotCacheSessions flag when TLS 1.3 is negotiated.
• TLS Core: Updated default TLS 1.2 cipher preference order. Disabled 3DES by default. Added TlsCipherSuite.Common value.
• Cryptography: Added API for CRL distribution endpoints with multiple CRL entries.
• Cryptography: Added Certificate.Bind methods.
• Cryptography: Added CertificateStoreName.WebHosting enum value.
• Cryptography: Added CertificateStoreOpenFlags and corresponding CertificateStore constructors.
• Cryptography: AesGcm and ChaChaPoly1305 classes moved from Rebex.Common assembly to Rebex.Security.
• Cryptography: Certificate.Extensions collection is now read-only.
• Cryptography: Deprecated EncryptValue/DecryptValue methods in RSAManaged class.
• Cryptography: Fixed visibility of CertificateException legacy serialization constructor.
• Cryptography: Improved loading of Y-less legacy DSA keys in FIPS-only mode on .NET 6/7 in Windows.
• Common: Optimized internal Task.Run methods on old platforms.
• Common: Optimized internal WhenAll/WhenAny Task combinators on old platforms.

R6.14 #

(version 6.0.8580 from 2023-06-28)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• All: Fixed problems in finalizer logic.
• SSH: Fixed missing end-of-lines in new OpenSSH key format.
• Cryptography: Fixed support for ECDSA private key formats with optional public key.

R6.13 #

(version 6.0.8558 from 2023-06-06)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• File Server: Fixed filename handling in SCP's non-directory upload mode.
• File Server: Fixed handling of datetimes on non-Windows file systems.
• Networking: Added support for IPv6 addresses to SOCKS5 proxy (client-side).
• Networking: Added workaround for systems where System.​Net.​Sockets.​Socket.​RemoteEndPoint does not work properly.
• Networking: Fixed formatting of IPv6 addresses for HTTP CONNECT proxies.
• Networking: Using 'Proxy-Connection' header instead of 'Connection' with HTTP CONNECT proxies.
• TLS Core: Disabled workaround for DHE padding bug in old versions of MS Schannel.
• TLS Core: Fixed server-side TLS curve selection on end-of-life platforms.
• Cryptography: Fixed lifecycle of AsymmetricKeyAlgorithm based on RSA CSP.
• Cryptography: Improved support for SignatureHashAlgorithm.MD5SHA1 in .NET 5 and higher in FIPS-only mode.

R6.12 #

(version 6.0.8509 from 2023-04-18)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• SFTP: Improved workaround for windows size adjustment issue in Azure Blob Storage SFTP server.
• SCP: Fixed escaping of "$" character in SCP commands.
• File Server: Fixed parsing of "\$" sequences in SSH commands.
• File System: Exists methods/properties in Rebex.IO VFS API return 'false' (like System.IO) instead of raising an exception.
• File System: Improved recursion breaker.
• File System: Rebex.IO VFS API raises InvalidOperationException when the underlying VFS provider is not registered as a VDriveInfo object.
• File System: Rebex.IO VFS API raises NotSupportedException when the format of the specified path is invalid.
• SSH: Added workaround for an issue in 'srt SSH Server' that makes it reject RSA/SHA-2 public key authentication attempts.
• SSH: Fixed handling of SSH2 PUBLIC KEY quotation marks in SshPublicKey.
• SSH: Fixed handling of user name when performing single sign-on in .NET Core and .NET 5/6/7.
• TLS Core: Fixed client-side TLS cipher suite check and server-side TLS cipher selection.
• TLS Core: Fixed checking of selected elliptic curves.
• TLS Core: Fixed memory leak in server-side TLS session cache.
• Common: Fixed rare race condition in scheduled action infrastructure.

R6.11 #

(version 6.0.8432 from 2023-01-31)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• File Server: Added workaround for libssh2's broken string value encoding (in SCP or possibly elsewhere).
• File System: Fixed potential memory leak when a VFS provider is disposed in an unexpected thread.
• Networking: Comment is no longer ignored when loading SSH2 public key into SshPublicKey.
• SSH: Fixed occasional StackOverflowException in SSH tunnel code (thrown when a large batch of consecutive asynchronous IO operations completes synchronously).
• TLS Core: Fixed handling of missing close_notify message in TLS 1.2 or earlier.
• Cryptography: Fixed CRL retrieval for certificate with multiple CRL distribution endpoints.
• Common: Fixed potential premature release of an unmanaged buffer in SSPI interop code.
• Common: Improved compatibility with Windows 2000.

R6.10 #

(version 6.0.8372 from 2022-12-02)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• SFTP: Added workaround for an issue in Azure Blob Storage SFTP related to receive window size adjustment handling.
• SSH: Added workaround for an issue in Azure Blob Storage SFTP that makes it reject RSA/SHA-2 public key authentication attempts.
• TLS Core: Fixed TlsParameter.AcceptableAuthorities handling (can specify an empty list).
• Cryptography: Added workaround for broken X25519 implementation in early versions of Windows 10 (version 1507 and 1511).
• Common: Fixed Windows Extended Protection in 64-bit Windows applications.

R6.9 #

(version 6.0.8348 from 2022-11-08)

Support for .NET 7!

This release adds a new set of binaries targeting .NET 7. It supports all .NET 7 platforms:

• Windows (x64, x86, ARM64)
• Linux (x64, ARM32, ARM64)
• macOS (x64)
• Android
• iOS/tvOS

Detailed list of changes:

• All: Added a new set of binaries targeting .NET 7.
• Cryptography: Fixed SHA-2 support on pre-SP3 versions of Windows XP.

R6.8 #

(version 6.0.8334 from 2022-10-25)

Optimized CPU and memory usage in TLS 1.3

Rebex TLS 1.3 core has been further optimized on all supported platforms.

SSE2 implementation of ChaCha20

Last year, we introduced a very fast AVX2 implementation of ChaCha20 encryption cipher. However, some older or mobile CPUs lack AVX2 support, and this is where the new SSE2 implementation will become useful and improved performance of ChaCha20/Poly1305 in TLS and SSH. (Just like AVX2, the new SSE2 implementation is only available on .NET Core 3.1 and .NET 5/6.)

Detailed list of changes:

• SSH Shell: Fixed UseLargeBuffers a SetNoDelayForTunnelSockets usage in SSH tunnels.
• Networking: Improved timeout handling during TCP connect.
• TLS Core: Fixed handling of incomplete TLS 1.3 records.
• TLS Core: Further optimized TLS 1.3 core.
• TLS Core: Improved handling of invalid TLS 1.3 session tickets (PSKs).
• TLS Core: Reduced memory footprint and CPU usage of TLS 1.3.
• Cryptography: Added SSE2 implementation of ChaCha20 for .NET 5.0 or higher.

R6.7 #

(version 6.0.8314 from 2022-10-05)

Fixed code signing (broken by DigiCert)

From September 14^th to September 22^nd, 2022, DigiCert's timestamping authority mistakenly issued a TSA certificate with a validity period of only one year. Unfortunately, this mistake means that code-signed Rebex assemblies from R6.6 release will no longer pass validation after February 28^th, 2024.

Therefore, Rebex customers should upgrade from R6.6 as soon as possible to take advantage of the new TSA certificate's full 11-year validity period.

Detailed list of changes:

• All: This release is properly code-signed again. TSA certificate validity was too short in R6.6 due to DigiCert's mistake.
• SSH: Added workaround for SSH servers that claim to prefer 'ssh-rsa' for client public key authentication.
• Cryptography: Added Rebex.Common.Validator assembly.

R6.6 #

(version 6.0.8295 from 2022-09-16)

New constructor for SshPrivateKey/SshPublicKey

SshPrivateKey and SshPublicKey feature a new constructor that accepts an instance of AsymmetricKeyAlgorithm.

Detailed list of changes:

• SFTP: Fixed free space calculation in Sftp.GetFileSystemInfo for macOS-based servers.
• File Server: Fixed handling of read-only items in raw directory listings.
• File Server: Improved error reporting when using .NET-based file system.
• SSH Shell: Fixed possible unobserved exception in client-side SSH tunnels on .NET 6.0.
• SSH: Added new constructors to SshPrivateKey/SshPublicKey classes that accept AsymmetricKeyAlgorithm.
• SSH: Added support for ECDSA to SshPrivateKey(AsymmetricAlgorithm) constructor (on .NET Core 3.1 or higher).
• SSH: Fixed rare NullReferenceException when closing an SshSession.
• TLS Core: Added support for Windows Extended Protection (only available on Windows).
• Cryptography: Added GetPrivateKeyAlgorithm/​GetPublicKeyAlgorithm methods to Certificate class.

R6.5 #

(version 6.0.8232 from 2022-07-15)

Support for more SSH extensions

Added support for server-sig-algs SSH extension (RFC 8332) and for SSH extension negotiation (RFC 8308).

Detailed list of changes:

• SFTP: Improved key-only variant of Login method when the server requests further authentication and AuthenticationRequest event has been registered.
• SCP: Improved key-only variant of Login method when the server requests further authentication and AuthenticationRequest event has been registered.
• File Server: Added support for SSH extension negotiation (RFC 8308).
• SSH Shell: Improved key-only variant of Login method when the server requests further authentication and AuthenticationRequest event has been registered.
• SSH: Added support for 'server-sig-algs' SSH extension (RFC 8332).
• SSH: Improved logging of 'partial success' authentication responses.
• TLS Core: Added support for TLS extended master secret extension (RFC 7627).
• TLS Core: Fixed handling of NoRenegotiation alert.
• TLS Core: Fixed rare race condition when closing TLS 1.2 socket.
• Common: Improved internal asynchronous infrastructure for old platforms.

R6.4 #

(version 6.0.8181 from 2022-05-25)

Support for .NET 6.0 on Android and iOS

Support for mobile platforms in .NET 6.0 has finally arrived, slightly masquaraded as .NET MAUI. Rebex libraries now support these new platforms as well.

Optimized AEAD ciphers in TLS and SSH

ChaCha20/Poly1305 and AES/GCM ciphers have been slightly optimized on all platforms.

Detailed list of changes:

• All: Added support for .NET 6.0 on Android.
• All: Added support for .NET 6.0 on iOS.
• File Server: Throwing IOException in custom command API when attempt is made to send data over a shutdown SSH channel.
• File System: Optimized memory consumption of internal thread-local variables.
• SSH: Fixed behavior of TryPasswordFirst option with servers that support 'publickey' and 'keyboard-interactive' but not 'password'.
• SSH: Optimized AEAD ciphers in SSH.
• TLS Core: Optimized AEAD ciphers in TLS.
• TLS Core: Optimized CPU usage in TLS 1.3 data flow.
• TLS Core: Optimized scenario when the remote party requires TLS 1.2 (or lower TLS version) and TLS 1.3 is enabled.
• TLS Core: Optimized TLS 1.3 key derivation functions.
• Cryptography: Added support for NTLM plugin for non-Windows platforms.
• Cryptography: Added workaround for buggy RSACryptoServiceProvider in .NET 6.0 on Android.
• Cryptography: Enhanced workarounds for slightly misbehaved certificate validator in .NET 6.0 on Android.
• Cryptography: Fixed exporting of DSA keys on Windows XP SP3.
• Cryptography: Optimized ChaCha20Poly1305 internals.
• Cryptography: Optimized internal AEAD interfaces.
• Cryptography: Working around RSA private key access issue in .NET 6.0 on Android.
• Common: Improved inner exception rethrow logic on .NET Framework 3.5/4.0.
• Common: Optimized internal data buffer methods.

R6.3 #

(version 6.0.8123 from 2022-03-28)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• SFTP: Added Settings.GetFileOpenRemoteFirst option. When enabled, the local file is only created by GetFile/Download methods after the remote file has been successfully opened.
• SFTP: Added Sftp.​Settings.​EnableDirectoryAsFileWorkaround option (workaround for AWS FTP Transfer with S3 storage that misreports some directories as files).
• SFTP: Added Sftp.​Settings.​EnableMissingCreateTimeWorkaround option.
• SFTP: Fixed Sftp.​Settings.​UseReadWriteModeForDownloads option behavior.
• SFTP: When appending/resuming in Download method, FileMode.Open is used instead of OpenOrCreate.
• File Server: Fixed FileServer.​Settings.​SendBufferSize/​ReceiveBufferSize on modern platforms.
• File Server: Fixed inconsistency between NodePath.GetHashCode and NodePath.Equals methods caused by the case-insensitive logic in GetHashCode method.
• Networking: Added ProxySocket.Bind(Socket) protected method to allow more customization.
• SSH: Improved workaround for very old versions of Bitvise server that don't properly handle SSH channel closing.
• TLS Core: Added TlsSocket.CloseAsync method (alias for DisposeAsync method).
• TLS Core: Fixed occasional (rare) premature termination of the TLS connection when a remote party does not support TLS 1.3.
• TLS Core: Improved protocol mismatch detection.
• TLS Core: Optimized asynchronous Send/Receive operation in TLS 1.3.
• Cryptography: Improved Poly1305 internals.
• Cryptography: Slightly optimized encrypt/decrypt operations in symmetric branch of the CNG/BCrypt interop layer.
• Cryptography: Small optimization in ARM (Advanced NEON SIMD) implementation of ChaCha20.
• Common: Fixed rare premature finalization of a buffer in SSPI interop that might lead to an AccessViolationException.
• Common: Improved internal asynchronous infrastructure.

R6.2 #

(version 6.0.8060 from 2022-01-24)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• File System: Fixed handling of FileSystemException in the iterator from VFS provider's GetChildren method.
• Networking: Fixed timeout handling during name resolution.
• TLS Core: Fixed handling of TLS 1.3 signature_algorithms_cert extension.
• TLS Core: Optimized temporary object usage in TLS 1.3 Send/Receive metods.
• Cryptography: Fixed releasing of CNG handles in AES/GCM interop (issue only present in R6.1 on Windows).

R6.1 #

(version 6.0.8044 from 2022-01-08)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

• All: Fixed compatibility of Rebex binaries for .NET Framework 4.0 with ASP.NET 4.5 or higher.
• File Server: Fixed possible NullReferenceException in ServerSession.SendMessage method.
• File System: Added FileSystemNotifier.Provider property.
• File System: Fixed Path property in nodes created under mounted directories.
• TLS Core: Optimized receive operation in TLS 1.3.
• TLS Core: Slight optimizations in TLS 1.3 on modern platforms.
• Cryptography: Caching of CNG algorithm provider handles.
• Cryptography: Fixed Certificate.​GetSignatureHashAlgorithm() for certificates signed by Ed25519 authorities.
• Cryptography: Fixed unmanaged resource leak in CertificateStore.
• Cryptography: Optimized symmetric branch of Windows CNG (BCrypt) interop layer.

R6.0 #

(version 6.0.8000 from 2021-11-25)

Support for .NET 6.0!

This release adds a new set of binaries targeting .NET 6.0. It supports all .NET 6.0 platforms:

• Windows (x64, x86, ARM64)
• Linux (x64, ARM32, ARM64)
• macOS (x64)

Please note that support for Android and iOS/tvOS in .NET 6.0 is still in preview mode. We will fully support these platforms as soon as the corresponding .NET 6.0 update is published.

Removed deprecated APIs

In this major release, we removed some APIs that have been deprecated for a very long time and seldom used. We will publish an article soon detailing these changes. In the meantime, if this affects you, please keep using release R5.7, and let us know. (R5.x will be supported until 2023-10-10.)

Support for reverse SSH tunnels

Finally, Rebex File Server supports incoming tunnels via SSH, also known as reverse port forwarding. Use FileServer.Settings.EnableReverseTunneling to enable this feature.

New Rebex.IO API

We added a set of new classes to Rebex.IO namespace that make it possible to access files and directories in custom file system providers using a simple API that resembles System.IO. The new classes are VFile, VFileInfo, VDirectory, VDirectoryInfo, VFileSystemInfo, VDriveInfo and VFileStream, and they are provided by Rebex.FileSystem assembly.

Support for ECDSA X.509 certificates in SSH

Added support for 'x509v3-ecdsa-sha2-nistp256', 'x509v3-ecdsa-sha2-nistp384' and 'x509v3-ecdsa-sha2-nistp521' SSH host key and client key algorithms (as specified by RFC 6187).

Changes in Rebex.Terminal assembly

Due to Microsoft's decision to drop support for most of System.Drawing on non-Windows platforms in .NET 6.0, we decided to slightly restructure our Rebex.Terminal assembly to accommodate for this.

Therefore, TerminalControl, TerminalFont and related classes were moved to a separate assembly called Rebex.Terminal.Control, along with image-based or font-based functionality previously available in ITerminal and VirtualTerminal classes (these are now available via VirtualTerminalExtensions class with a slightly modified API with TerminalImageFormat instead of TerminalCaptureFormat).

We also split seldom-used SerialPortChannel class to a dedicated Rebex.Terminal.SerialPort assembly.

Additionally, we removed SshTerminalControl and TelnetTerminalControl classes, which extend TerminalControl. If you use these classes, just add the replacement SshTerminalControl.cs or TelnetTerminalControl.cs files to your application - these are available as part of SshSimpleWinFormClient/TelnetSimpleWinFormClient sample apps (VB.NET versions are available as well).

If these changes prevent you from upgrading, please keep using release R5.7 and let us know. (R5.x will be supported until 2023-10-10.)

Updated default settings

We changed default values of some settings. For example, UTF-8 is now ubiquitous, so it makes sense to prefer it by default. Of course, you can still revert the corresponding settings to previous values.

Detailed list of changes:

• All: Added a new set of binaries targeting .NET 6.0.
• All: Removed several obsolete and deprecated APIs.
• All: Removed support for legacy ISerializable interface from binaries for .NET Standard.
• SFTP: Added Settings.EnableChecksumVerification option.
• SFTP: Changed default value of Sftp.Encoding to UTF-8.
• SCP: ScpSettings.​EnablePutFilesRemotePathWorkaround set to 'false' by default.
• File Server: Added support for incoming tunnels (also known as reverse tunneling or SSH port forwarding).
• File System: Added simple API (resembling System.IO) for working with contents of custom virtual file system providers.
• Terminal: Moved SerialPortChannel class to Rebex.Terminal.Serial assembly.
• Terminal: Moved TerminalControl and related classes to Rebex.Terminal.Control assembly.
• SSH: Added support for SSH key algorithms based on ECDSA X.509 certificates (RFC 6187).

R5.7 #

(version 5.0.7999 from 2021-11-24)

Support for .NET 6.0 and Windows 11

Windows 11 is now a supported platform.

Rebex assemblies targeting .NET Standard 2.1 now support .NET 6.0.

Support for PuTTY PPK3 key format

SshPrivateKeyclass, PrivateKeyInfo class and Certificate.SavePrivateKey method now support PuTTY's new PPK version 3 private key format.

Support for 'x509v3-rsa2048-sha256' SSH cipher

Added support for 'x509v3-rsa2048-sha256' SSH host key and client key algorithm (X.509 certificate with RSA key, as specified by RFC 6187).

Improved Deflate compression performance

Deflate compression performance has been improved (mostly on modern platforms). This improves performance of SSH layer (when compression is enabled).

Detailed list of changes:

• All: Added support for .NET 6.0 on Windows, Linux and macOS.
• All: Added support for Windows 11.
• File System: Added new constructor to LocalFileSystemProvider, MemoryFileSystemProvider and MountCapableFileSystemProvider that accepts FileSystemSettings.
• File System: Optimized VFS internals.
• SSH: Added support for PuTTY PPK3 format to SshPrivateKey.
• SSH: Added support for 'x509v3-rsa2048-sha256' SSH key algorithm (RSA X.509 certificates, RFC 6187).
• SSH: Added workaround for a server with broken SSH window size handling logic.
• SSH: Fixed handling of oversized data packets from servers with broken window size.
• TLS Core: Improved TLS 1.3 performance.
• Cryptography: Added more values to X.509 RevocationReason enum.
• Cryptography: Added support for private keys in PuTTY PPK3 format (uses Argon2 key derivation function).
• Cryptography: Added workaround for Google's CRLs with non-constructed explicit ASN.1 nodes.

R5.6 #

(version 5.0.7970 from 2021-10-26)

Support for .NET 6.0 RC2

Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 6.0 RC2 and are suitable to be used in production on Microsoft's latest .NET platform ahead of the official release.

Maintenance release

This release brings several enhancements and resolves issues in virtual file system API and server-side SFTP.

Detailed list of changes:

• All: Added support for .NET 6.0 RC2.
• SCP: Fixed compatibility of legacy Scp class with recent OpenSSH releases.
• File Server: Fixed compatiblity between WinSCP's SFTP v5 implementation and writable non-seekable custom streams.
• File System: Fixed internal reader-writer lock in virtual file system provider that could cause a deadlock in some scenarios with multiple parallel operations.
• SSH Shell: Enhanced debug logging of response reading timeouts in Shell class.
• TLS Core: Fixed possible NullReferenceException in TLS 1.2 socket after it has been closed.
• TLS Core: Improved handling of exceptions in TlsSocket.Send method.
• Cryptography: Fixed handling of RSAParameters without DP/DQ in AsymmetricKeyAlgorithm and PrivateKeyInfo.
• Cryptography: Fixed loading of encrypted keys with empty passwords in new OpenSSH format.
• Cryptography: Small optimization in AVX2 implementation of ChaCha20.

R5.5 #

(version 5.0.7900 from 2021-08-17)

New binaries for .NET Core 3.1

We added a new set of binaries targeting .NET Core 3.1. We have already been supporting that platform since 2019 via .NET Standard 2.1. However, the new set of binaries utilizes .NET Core's hardware intrinsics API and features our fast ChaCha20/Poly1305 implementation that has been previously only available on .NET 5.0.

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Fixed permission requested for 'rename' operation

When renaming a file, FileServer now requests read permission in addition to delete for the source path in PathAccessAuthorization event.

Detailed list of changes:

• All: Added 'netcoreapp3.1' binaries.
• All: Fixed compatibility with UWP and .NET Native compiler.
• File Server: Added ServerEndPoint and ServerAddress properties to relevant server event arguments and ServerSession class.
• File Server: Requesting 'Read' permission in addition to 'Delete' for source path of rename operation in PathAccessAuthorization event.
• Terminal: Added TerminalOptions.​WaitForCloseConfirmation option.

R5.4 #

(version 5.0.7888 from 2021-08-05)

Maintenance release

This release resolves several issues and adds several features.

Detailed list of changes:

• SFTP: SFTP v4 error code are interpreted as unknown error in SFTP v3.
• SSH Shell: Added Ssh.Settings.UseLargeBuffers option.
• Networking: Fixed casing in 'Basic' HTTP proxy authorization header.
• TLS Core: Fixed parsing of TLS 1.3 Certificate handshake message spanning multiple records.
• Cryptography: Fixed Certificate.FriendlyName setter in .NET 5.0 on non-Windows platforms.

R5.3 #

(version 5.0.7840 from 2021-06-18)

Fixed FIPS-mode detection in .NET 4.8

This release fixes an issue in FIPS-mode detection routine that was not working properly in applications targeting .NET Framework 4.8 due to a change in the framework's behavior. This only affects applications targeting .NET Framework 4.8. Applications targeting earlier framework versions do not suffer from this issue even when running on .NET Framework 4.8.

If your application targets .NET Framework 4.8 and is supposed to honor system-wide FIPS mode settings, either upgrade to this release, or set Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly to System.Security.Cryptography.CryptoConfig.AllowOnlyFipsAlgorithms in your application's startup code.

Server-side SFTP v5 support

Rebex SFTP Server (FileServer class) supports SFTP v5 now. This improves compatibility with WinSCP client, which requires SFTP v5 to enable File Hashing extension that makes it possible to calculate checksums of remote files.

Detailed list of changes:

• File Server: Added support for SFTP v5.
• File Server: Fixed compatibility issues in SCP protocol.
• File System: Fixed obfuscated method names in FileSystemProvider log.
• File System: MountCapableFileSystemProvider's FileSystemNotifier raises GetAttributesPreview, GetAttributesSurrogate and GetAttributesCompleted events for mounted directories.
• File System: Tweaked handling of non-seekable streams supplied to NodeContent.CreateReadOnlyContent method.
• SSH: Fixed race condition in OpenSSH-style compression startup code (occasionally caused connection failures during authentication with SSH compression was enabled).
• TLS Core: Added SslSettings.​SetPreferredSuites/​GetPreferredSuites methods to make it possible to specify client-side TLS cipher preference.
• TLS Core: Improved logging when remote party does not support TLS 1.3.
• TLS Core: Optimized TlsSocket.Negotiate method when TLS 1.3 is enabled but not supported by the remote side.
• TLS Core: Prevented 'unobserved' exceptions in task-based TLS 1.2 core.
• Cryptography: Added support for private keys using PBKDF2 with HMAC/SHA-2 (RFC 8018 / PKCS #5 v2.1).
• Cryptography: Fixed detection of FIPS-only systems on .NET Framework 4.8.
• Cryptography: Optimized creation of algorithm objects in CNG layer.

R5.2 #

(version 5.0.7800 from 2021-05-09)

New ChaCha20Poly1305 class

This release features the new ChaCha20Poly1305 class that implements the 'combined mode' AEAD cipher consisting of ChaCha20 stream cipher and Poly1305 authenticator, as specified by RFC 7539.

Improved performance of AES/CTR ciphers in SSH

AES/CTR is now faster on all platforms.

Faster ChaCha20/Poly1305 on older platforms

We further improved performance of ChaCha20/Poly1305 in TLS and SSH on older platforms. It's not as fast as our .NET 5.0 implementation using AVX2 or Advanced NEON SIMD, but it's faster than ever before.

Detailed list of changes:

• File Server: Fixed error handling in SSH session's periodic timer callback.
• File Server: Fixed handling of failed sessions to make sure they are removed from the sessions collection.
• File Server: Updated SshConsole.Clear() method to reset cursor position in addition to clear the screen.
• File System: Fixed handling of non-seekable streams supplied to NodeContent CreateReadOnlyContent method.
• Terminal: Adapted behavior of "Erase Screen" to match usual terminal behavior (does not reset cursor position).
• Networking: Added support for SOCKS5 servers that respond with domain name.
• SSH: Optimized usage of ChaCha20/Poly1305 in SSH.
• Cryptography: Added ChaCha20Poly1305 class that implements ChaCha20/Poly1305 with an API that resembles .NET's AesGcm class.
• Cryptography: Added support for loading of ECDSA certificates from PFX/P12 files in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
• Cryptography: Added support for saving to PFX/P12 files for certificates with temporarily associated private keys in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
• Cryptography: AVX2 implementation of ChaCha20 releases old pre-generated keystream immediately after reinitialization.
• Cryptography: Clearing output data in AesGcm class when authentication tag is invalid.
• Cryptography: Fixed parsing of Cryptographic Message Syntax envelopes with unsupported OIDs.
• Cryptography: Improved ChaCha20/Poly1305 performance on .NET 3.5-4.6 and .NET Standard 2.x.
• Cryptography: Improved performance of AES/CTR ciphers (used in SSH).
• Common: Improved error handling when raising events via synchronization context.

R5.1 #

(version 5.0.7733 from 2021-03-03)

Simplified release naming

We decided to drop the year from our release naming scheme. Instead of '2020 R5.1', this release is called just 'R5.1', and the forthcoming releases will use the same 'R5.x' naming scheme until the next major upgrade.

Faster ChaCha20/Poly1305 in .NET 5.0

By utilizing AVX2 (on Intel/AMD) or Advanced NEON SIMD (on ARM) via .NET's new hardware intrinsics API in .NET 5.0, we made our ChaCha20/Poly1305 implementation in SSH and TLS much faster. On ARM64, ChaCha20/Poly1305 is now even faster than Windows native AES/GCM.

This release improves ChaCha20/Poly1305 performance on older platforms as well, although not by such a big margin.

Improved compatibility of File Server with WinFsp/SSHFS

For some reason, when WinFsp/SSHFS performs a rename operation on a mounted SFTP filesystem, it first opens the file being renamed. This caused the rename operation to fail with Rebex SFTP Server, because we were opening files without specifying the file sharing mode that would allow this. We changed this, and Rebex File Server is now compatible with SSHFS by default.

To restore the previous behavior, set FileServer.Settings.FileShareMode to FileShare.Read.

Detailed list of changes:

• All: Changed release naming scheme ('R5.1' instead of '2020 R5.1').
• File Server: Added FileServer.Settings.FileShareMode property to make it possible to specify file share mode for opened files.
• File Server: Added ShellCommandEventArgs.Raw property (contains unparsed arguments for custom command).
• File Server: Fixed behavior of FileServer.Unbind(EndPoint) method.
• File Server: Fixed race condition when closing outstanding file handles during SFTP channel closure.
• File Server: Changed default value for Settings.KeepAlivePeriod to 300 seconds.
• File Server: Improved error messages when no SSH server keys or bindings were specified when starting the server.
• File System: Fixed return type of Move and Rename operations in FileSystemProvider when using instances of classes derived from DirectoryNode and FileNode.
• File System: Length property of a Stream returned from LocalFileSystemProvider is updated properly after a write operation.
• File System: MountCapableFileSystemProvider allows 'Move' operation between different mounted file system providers.
• Terminal: Added workarounds for badly-positioned fonts (Cascadia).
• Terminal: Fixed behavior of TerminalControl when dragging window between screens with different DPI settings (.NET 5.0 only).
• Terminal: Fixed compatibility of TerminalControl.CursorStyle with Visual Studio's form designer.
• Networking: Added workaround for rare WSAEWOULDBLOCK error on Mono in Socket.Connect.
• Networking: More meaningful exception is throw when attempting to use HTTP CONNECT proxy with NTLM authentication on platforms that don't support it.
• Networking: Optimized timeout infrastructure in ProxySocket.Connect.
• SSH: Added workaround for WingFTPServer server that uses 'ssh-rsa' with SHA-2 when client announces RSA/SHA-2 support.
• SSH: Fixed format of SshPublicKey.GetPublicKey() response for public keys initialized from PublicKeyInfo or AsymmetricAlgorithm.
• SSH: Fixed handling of unknown channel requests (not sending reply if not requested).
• TLS Core: Added VerifyMessage signature algorithm logging in TLS 1.3.
• TLS Core: Close/Dispose method called on TLS 1.3 socket ensures that all outstanding IO operations are canceled before the control is returned to the caller.
• TLS Core: Fixed possible rare NullReferenceException when closing TLS 1.3 session.
• TLS Core: Synchronous methods on TlsSocket wrap TaskCanceledException to TlsException.
• Cryptography: Added workaround to Certificate.LoadDer method to enable loading of certificates in PKCS #7 containers.
• Cryptography: Enhanced implicit operator for conversion of Certificate->X509Certificate2 to retain private keys on non-Windows platforms as well.
• Cryptography: Fixed Ed25519 PKCS #8 key structure (now compatible with OpenSSL).
• Cryptography: Optimized memory usage in symmetric encryption transformations based on Windows CNG API.
• Cryptography: Substantial speed-up of ChaCha20/Poly1305 (used in SSH and TLS). Utilizing AVX2 or Advanced NEON SIMD on .NET 5.0 (if available).
• Common: Accelerated common byte array operations in .NET 5.0 on devices with AVX2 support.

2020 R5 #

(version 5.0.7620 from 2020-11-10)

Support for .NET 5.0!

This release adds a new set of binaries targeting .NET 5.0. It supports all .NET 5.0 platforms:

• Windows (x64, x86, ARM64)
• Linux (x64, ARM32, ARM64)
• macOS (x64)

Support for Ed25519 X.509 certificates in TLS 1.3

We added support for TLS 1.3 with X.509 certificates using Ed25519 algorithm (EdDSA on edwards25519 curve) to all Rebex libraries with TLS support.

However, due to limitations of .NET and all supported operating systems, a custom certificate validator is needed to validate Ed25519 certificates.

Built-in Ed25519 support

We have already been supporting Ed25519 (EdDSA on edwards25519 curve) in SSH for several years, but an external plugin was needed to make it work. That is no longer case, and ssh-ed25519 SSH cipher works out-of-the-box.

SSH tunnel improvements

SSH tunnels can now be created with TCP_NODELAY option (use Ssh.Settings.SetNoDelayForTunnelSockets option) and a new Ssh.TunnelError event has been added for handling tunnel errors.

New AES/GCM API

Our new Rebex.Security.Cryptography.AesGcm class resembles .NET 5.0's class of the same name, but it's available on all supported platforms including .NET Framework 3.5/4.0 and Mono 5/6.

Detailed list of changes:

• All: Added support for .NET 5.0 on all platforms.
• File Server: Increased SFTP receive buffer size.
• File System: Added IsDelayedWriteContent and IsImmediateWriteContent properties to the NodeContent class.
• File System: FileSystemNotifier raises SaveContentSurrogate event for 'delayed write' instances of the NodeContent that have been created previously in the handler of the GetContentSurrogate event or GetContentCompleted event.
• File System: Optimized critical sections in virtual file system providers.
• File System: Optimized handling of small files in MemoryFileSystemProvider.
• File System: Optimized internal communication between virtual and physical file systems.
• File System: Optimized memory usage in the MemoryFileSystemProvider under typical scenarios.
• File System: SetContent method in the LocalFileSystemProvider file nodes now truncates the underlying file before writing the new content (does not affect SFTP).
• File System: Virtual file system providers throw a FileSystemException when a source node is same as a target node.
• SSH Shell: Added Ssh.​Settings.​SetNoDelayForTunnelSockets option to enable TCP_NODELAY option for tunnel sockets.
• SSH Shell: Added Ssh.TunnelError event for handling tunnel errors.
• TLS Core: Added support for X.509 certificates with Ed25519 keys to TLS 1.3.
• TLS Core: Improved exception messages in TLS 1.3.
• Cryptography: Added built-in support for Ed25519 algorithm.
• Cryptography: Added Rebex.Security.Cryptography.AesGcm class (equivalent to .NET 5.0's AesGcm class, but available on all platforms including .NET Framework 3.5).
• Cryptography: Added SetOtherNames/GetOtherNames methods to CertificateInfo class ('Other Name' support in SANs).
• Cryptography: AsymmetricKeyAlgorithm.ImportKey method can initialize Ed25519 key from seed (in addition to private key).
• Cryptography: AsymmetricKeyAlgorithm.Register method made thread-safe.
• Cryptography: Deprecated CryptoHelper.ForceManagedAes property.
• Cryptography: Enhanced compatibility with unsupported legacy versions of CryptoAPI.
• Cryptography: Enhanced SignedData.Load(Stream) and EnvelopedData.Load(Stream) methods to support Base64-encoded format (PEM) as well.
• Cryptography: Enhanced workaround for RSA CSPs with lack of SHA-2 support.
• Common: Added SspiAuthentication.IsSupported method.
• Common: Enhanced EncodingTools helper class to always provide Encodings with implemented HeaderName, EncodingName and BodyName properties.

2020 R4 #

(version 5.0.7579 from 2020-09-30)

Fully tested on .NET 5.0 RC1

Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 5.0 RC1 and are suitable to be used in production on Microsoft's latest .NET platform.

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

• All: Fixed several minor compatibility issues on .NET 5.0 RC1.
• File Server: Added workarounds for incompatibilities in SSH renegotiation with JSCH, SSH.NET and very old OpenSSH.
• File Server: Enhanced FileServer infrastructure API to make it possible to start SFTP/SSH session on a pre-connected Socket.
• File Server: Enhanced virtual shell's mkdir command to support '-p' option.
• File Server: Fixed algorithm support check when adding an Ed25519 key to FileServer.Keys collection.
• File Server: Fixed behavior of SSH_FXP_MKDIR on non-Windows operating systems.
• File System: Added Length property to the NodeContent class.
• File System: Added OriginalNode property to FileSystemNotifier.RenameCompleted event argument.
• File System: Added SaveContentPreview, SaveContentSurrogate and SaveContentCompleted events to virtual file systems.
• Networking: Restored missing NetworkSession.InstanceId property.
• TLS Core: Fixed concurrent access in server-side TLS session cache.
• TLS Core: Fixed normalization of premaster secret in server-side ECDH calculations in TLS 1.2 and earlier.
• TLS Core: Updated TlsCipherSuite.Secure/Weak/Fast enum values. Updated TlsParameters.AllowedSuite default.
• Cryptography: Added Ed25519 support to Certificate class. (Not yet supported by the built-in certificate validator due to lack of support in Windows and .NET).
• Cryptography: Fixed handling of non-content data in Certificate(byte[]) constructor and CertificateChain.LoadP7b(Stream) / CertificateRevocationList.​Load(Stream) methods.
• Cryptography: Fixed parsing of constructed primitive ASN.1 types with more than two layers of nesting.
• Cryptography: Fixed version number in PKCS #10 CertificationRequest structure.
• Cryptography: Prohibited usage of Chacha20/Poly1305 in TLS 1.3 in FIPS-only mode. (Already prohibited in TLS 1.2 or earlier.)
• Cryptography: Updated RSAManaged constructor logic to make it suitable as a base for derived classes on .NET Framework in FIPS-compliant mode.
• Cryptography: Using Windows CNG API for Diffie-Hellman parameter generation on Windows 10 and Windows Server 2016/2019.
• Common: Optimized internal cancellation infrastructure on old platforms.
• Common: Removed usage of BinaryFormatter which has been found to be insecure.
• Common: Updated EncodingTools.GetEncoding method to prefer encodings provided by .NET.

2020 R3 #

(version 5.0.7501 from 2020-07-14)

Binaries for .NET Standard 2.1

We added a new set of binaries targeting .NET Standard 2.1. They are suitable for .NET Core 3.1 and .NET 5.0 Preview 6, on Windows, Linux and macOS.

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Detailed list of changes:

• All: Added binaries targeting .NET Standard 2.1.
• SFTP: Added workaround for misbehaving SSH_FXP_STAT on DataPowerSSH servers (SftpSettings.​EnableBrokenDirectoryStatWorkaround option).
• File Server: Added support for anonymous authentication.
• File Server: Fixed handling of unknown SSH packets received before authentication.
• File Server: Changed SSH cipher info logging style (unified with client-side SSH).
• File Server: Workaround for very old OpenSSH 4.x/5.x clients that refuse to accept data packets while SSH renegotiation is in progress.
• SSH Shell: When TerminalOptions.LocalEcho is enabled, echo opcode is requested on SSH channel.
• SSH: Enhanced legacy group exchange autodetection.
• TLS Core: Added TlsSocket.ApplicationProtocol property to make it possible to determine protocol negotiated using ALPN extension.
• TLS Core: Always preferring RSA/SHA-2 for client certificate authentication in TLS 1.2.
• TLS Core: Disabled ciphers based on AES/CBC and SHA-2 in legacy versions of TLS (they are only specified by TLS 1.2).
• TLS Core: Fixed availability of TLS 1.3 session tickets (client side).
• TLS Core: Fixed handling of multiple concurrent Receive or Send method calls in TLS 1.3.
• TLS Core: Fixed handling of TLS 1.3 KeyUpdate handshake message.
• TLS Core: Fixed server name handling for TlsSocket instances created from an already-connected Socket.
• TLS Core: Fixed TlsException.Status to return ConnectionClosed for connection-closed errors.
• TLS Core: Fixed TlsException.Status to return Timeout for timeout errors.
• TLS Core: Fixed TlsSocket.ClientCertificate that returned an empty chain instead of null in some scenarios.
• TLS Core: Improved error message when server certificate is rejected in TLS 1.3.
• TLS Core: Improved error messages in TLS 1.3.
• TLS Core: Logging improvements.
• TLS Core: No longer sending 'internal error' alert to remote end on timeout.
• TLS Core: Optimized TLS 1.3 internals.
• TLS Core: TLS 1.3 initiates key update properly (before the AEAD limits are reached).
• TLS Core: Unified behavior of the Receive and ReceiveAsync methods across TLS versions.
• Cryptography: Fixed encoding of ECDSA signatures in PKCS #7 CertificationRequest structure.
• Cryptography: Memory usage optimizations in CNG layer.
• Cryptography: On Windows 10 and Windows Server 2016 or higher, Windows CNG API is used for classic Diffie-Hellman calculations instead of legacy Windows CryptoAPI.
• Cryptography: Optimized disposing of temporary keys in Certificate class.

2020 R2 #

(version 5.0.7450 from 2020-05-24)

Support for AES/GCM, ChaCha20/Poly1305 and EtM MAC ciphers in SFTP/SSH server

This release adds support for the following modern SSH AEAD encryption ciphers to Rebex File Server:

• aes128-gcm@openssh.com
• aes256-gcm@openssh.com
• chacha20-poly1305@openssh.com

It also adds support for the following encrypt-then-MAC ciphers:

• hmac-sha2-256-etm@openssh.com
• hmac-sha2-512-etm@openssh.com

Detailed list of changes:

• File Server: Added FileServerSettings.​EnableEventsForFailedTransfers option.
• File Server: Added ServerSession.Cipher property to make it possible to determine SSH ciphers used by each session.
• File Server: Added support for AEAD encryption ciphers ('aes128-gcm@openssh.com', 'aes256-gcm@openssh.com' and 'chacha20-poly1305@openssh.com').
• File Server: Added support for encrypt-then-MAC ciphers ('hmac-sha2-256-etm@openssh.com' and 'hmac-sha2-512-etm@openssh.com').
• File Server: Enhanced handling of 'pty-req' and 'window-change' SSH channel requests - wrong values are rejected.
• File Server: Enhanced ShellModule class to make it possible to implement custom SSH subsystems.
• File Server: Fixed client authentication using X.509 certificates.
• File Server: Fixed handling of unknown SSH packets.
• File Server: Virtual shell now treats the line-feed character as end-of-line indicator in addion to carriage-return character.
• SSH Shell: Added LocalEndPoint and RemoteEndPoint properties to SshTunnel class.
• Terminal: Improved TerminalControl.Bind method behavior to prevent needless locking.
• SSH: Added new properties to SshCipher to make it possible to determine IDs of active ciphers.
• SSH: Added workaround for a weakness in legacy CBC ciphers.
• TLS Core: Enhanced TlsSocket.Timeout property to apply to subsequent Send, SendAsync, Receive and ReceiveAsync methods even when TLS is already active.
• TLS Core: Fixed availability of TLS 1.3 session ticket when the receive side of the connection has already been closed.
• TLS Core: Fixed behavior of server-side DoNotCacheSessions option (which previously led to connection failures).
• TLS Core: Fixed some cases of missing AggregateException unwrapping.
• TLS Core: Improved and unified behavior of TlsSocket Shutdown/ShutdownAsync methods when negotiation has not been started.
• TLS Core: Improved TLS exception reporting.
• TLS Core: Logging improvements.
• TLS Core: Optimizations in TLS 1.3 internals.
• TLS Core: Support for the TLS 1.3 record with empty application data payload and random padding.
• TLS Core: Unified TlsSocket.Cipher property behavior across TLS versions.
• Cryptography: Added ContentInfo.ToStream() method.
• Cryptography: Enhanced Certificate.LoadDerWithKey to support RSASSA-PSS and RSAES-OAEP for RSA keys.
• Cryptography: Fixed AsymmetricKeyAlgorithm.​GenerateDiffieHellmanParameters slowness (only affected the previous release).
• Cryptography: Improved AsymmetricKeyAlgorithm to support RSASSA-PSS and RSAES-OAEP with keys loaded via ImportKey method.
• Cryptography: Optimized Certificate and CertificateChain class to only consume native resources when needed.
• Cryptography: Optimized CNG handles cleanup.

2020 R1.1 #

(version 5.0.7390 from 2020-03-25)

Fixed a renegotiation issue that could lead to decryption error

After we started using Windows 10's native X25519 curve support, the shorter duration of SSH key exchange uncovered a bug that occasionally causes an SSH session failure following an SSH renegotiation. The issue manifested itself as a decryption error at the client side. The cause of this problem has now been fixed. If you are currently using Rebex File Server 2020 R1, upgrading to 2020 R1.1 is recommended.

Reintroducing fast Diffie-Hellman on Xamarin.Android

Until 2019 R4.2, Rebex binaries for Xamarin.Android platforms used Android's cryptographic API for Diffie-Hellman calculations. However, this functionality is no longer available in current Rebex binaries targeting Xamarin.Android via .NET Standard 2.0. To make it possible to use the faster Diffie-Hellman implementation on Xamarin.Android again, we have added it to our native extensions library. Once enabled, it will make Diffie-Hellman key exchange in TLS and SSH as fast on Xamarin.Android as before.

Detailed list of changes:

• SFTP: Fixed an issue in GetItems() method that caused file system items with an unknown type to not be filtered according to the specified mask.
• File Server: Fixed a renegotiation issue that could lead to decryption error.
• File Server: Fixed FileServer.Stop() method to no longer fail with 'The specified socket is already in use' error in rare scenarios.
• File Server: Fixed partial authentication message processing to ensure no authentication method is used twice during a single authentication session.
• File Server: Fixed reporting of writable permissions for read-only items.
• Networking: Fixed rare race condition in TLS and SSH internals.
• TLS Core: Fixed breaking changes in the behavior of seldom-used parts of TlsSocket API.
• TLS Core: Fixed handling of OperationCanceledException in TLS 1.3 core.
• TLS Core: Improved TLS logging.
• Common: Added DiffieHellmanNative class to Rebex.Common.Native assembly (speeds up Diffie-Hellman calculations on Xamarin.Android).

2020 R1 #

(version 5.0.7357 from 2020-02-21)

.NET Standard 2.0 on Xamarin.Android and Xamarin.iOS

Rebex binaries targeting .NET Standard 2.0 are now supported on Xamarin.Android and Xamarin.iOS. Previously-available binaries targeting specific Xamarin platforms have been deprecated, and .NET Standard 2.0 binaries should be used instead.

Note: Applications that require certificate validation also need to use the new Rebex.Common.Native.dll assembly which provides validation of X.509 certificates on Xamarin.Android and Xamarin.iOS.

ChaCha20-Poly1305 support in TLS 1.3 and 1.2

Our TLS 1.3/1.2 core now supports the following ChaCha20-Poly1305 cipher suites:

• TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3)
• TLS_​DHE_​RSA_​WITH_​CHACHA20_​POLY1305_​SHA256 (TLS 1.2)
• TLS_​ECDHE_​RSA_​WITH_​CHACHA20_​POLY1305_​SHA256 (TLS 1.2)
• TLS_​ECDHE_​ECDSA_​WITH_​CHACHA20_​POLY1305_​SHA256 (TLS 1.2)

To enable these ciphers, use Settings.SetSymmetricCipherSuites(...) method for TLS 1.3 and Settings.SslAllowedSuites property for TLS 1.2.

Native X25519 elliptic curve support on Windows 10

On Windows 10, Windows Server 2016 and Windows Server 2019, Rebex libraries using ECDH key exchange in TLS or SSH now support X25519 curve (also known as Curve25519) without any external plugins.

Better Elliptic Curve Diffie-Hellman support on Windows 10

On Windows 10, Windows Server 2016 and Windows Server 2019, Rebex libraries now fully supports ECDH key exchange without having to rely on external plugins and workarounds.

End of Standard Support for .NET Framework 2.0 and 3.0

2019 R4.2 was the last release to include support for .NET Framework 2.0 and 3.0 in the standard package. Customers using these platforms are advised to migrate to .NET Framework 3.5 SP1, which will enjoy mainstream support until 2023-10-10.

For customers who are unable to migrate, a Legacy Edition of Rebex libraries for .NET Framework 2.0/3.0 is available.

Deprecated .NET Core 1.0/1.1

.NET Core 1.1 and 1.0 became end-of-life platforms at 2019-06-27. In accordance with our framework support policy, they are no longer supported by Rebex libraries. Customers using these platforms are advised to migrate to .NET Core 2.1 or .NET Core 3.1.

Detailed list of changes:

• All: Binaries targeting .NET Standard 2.0 now support Xamarin.Android and Xamarin.iOS.
• All: Deprecated binaries targeting .NET Standard 1.5, Xamarin.Android and Xamarin.iOS.
• All: Fixed several occurences of culture-sensitive string formatting.
• All: Fixed several occurrences of wrong synchronization context.
• All: Mainstream edition no longer supports .NET Framework 2.0/3.0 and .NET Core 1.0/1.1.
• SFTP: Fixed handling of symbolic link source paths in non-recursive multi-file operation.
• SFTP: Unified GetConnectState() behavior across platforms.
• File Server: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
• File Server: Added support for 'curve25519-sha256' key exchange cipher (equivalent to already-supported 'curve25519-sha256@libssh.org').
• File Server: Added support for 'check-file' SFTP extension, making it possible to calculate hashes of remote files.
• SSH: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
• SSH: Added support for 'curve25519-sha256' key exchange cipher (equivalent to already-supported 'curve25519-sha256@libssh.org').
• SSH: Enhanced performance of ChaCha20-Poly1305 cipher ('chacha20-poly1305@openssh.com') in SSH client.
• SSH: Fixed possible deadlock in SSH client when processing incoming EOF packet while waiting for remote receive buffer size to increase.
• TLS Core: Added asynchronous methods to TlsSocket base class.
• TLS Core: Added SetSymmetricCipherSuites/​GetSymmetricCipherSuites methods to configure enabled TLS 1.3 cipher suites.
• TLS Core: Added support for ChaCha20-Poly1305 cipher suites to TLS 1.3 and 1.2.
• TLS Core: Fixed behavior of TlsSocket methods after Dispose has been called.
• TLS Core: Fixed behavior of TlsSocket.Shutdown.
• TLS Core: Improved argument checks in TlsSocket base class.
• TLS Core: Improved multi-pass parsing of the TLS 1.3 records.
• TLS Core: Many optimizations in TLS 1.3 core.
• Cryptography: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
• Cryptography: Added native support for ECDH with X25519 curve on Windows 10, Windows Server 2016 and Windows Server 2019.
• Common: Internal optimizations.

2019 R4.2 #

(version 5.0.7320 from 2020-01-15)

Maintenance release

This release solves several issues in the shared functionality.

Detailed list of changes:

• SSH: Fixed possible deadlock during SSH renegotiation (client-side).
• TLS Core: Fixed renegotiation in TLS 1.2 (has been broken since 2019 R4).
• Cryptography: Added workaround for RSA signatures shorter than the key size (.NET Core on Linux is unable to handle them).
• Cryptography: Fixed AsymmetricKeyAlgorithm.​GetRawPublicKey() key format when RSA via MS CNG is in use.
• Cryptography: Only known external plugins are allowed for enhanced security.
• Cryptography: Saving public key as well when saving X25519 private keys.

2019 R4.1 #

(version 5.0.7290 from 2019-12-16)

.NET Core 3.1 support

.NET Core 3.1 is now supported on the following platforms:

• Windows (x64, x86, ARM32)
• Windows 10 IoT (x64, x86, ARM32)
• Linux (x64, ARM32)
• macOS (x64)

TLS 1.3 improvements

This release fixes several issues in our new TLS 1.3 core. If you are already using TLS 1.3, upgrading to this release is recommended.

Please note that TLS 1.3 support is not enabled by default yet to prevent interoperability issues with legacy third-party servers. To enable it, use SslAllowedVersions setting, as described in our TLS 1.3 support announcement.

Detailed list of changes:

• All: Added support for .NET Core 3.1.
• All: Added support for Mono 6.x.
• SFTP: Fixed a possible deadlock when adjusting SSH channel window size during SSH renegotiation.
• File Server: Added FileServer.Settings.MaxIdleDuration and IgnoreKeepAlive to make it possible to easily force closure of idle sessions.
• Terminal: Added workaround to terminal Unbind method for SSH servers that don't properly respond to SSH_MSG_CHANNEL_CLOSE and caused the method to block until timed out.
• Networking: Added missing 'buffer' argument check to some Send/Receive methods in ProxySocket/TlsSocket.
• Networking: Fixed unhandled ObjectDisposedException or misleading SocketException when ProxySocket.Connect aborted due to timeout.
• SSH: Added a workaround for a bug introduced in OpenSSH 8.0 that rejects 'sender channel' numbers in the upper half of uint32 range.
• SSH: Added SshEncryptionMode.AEAD (to replace SshEncryptionMode.GCM).
• SSH: Added support for ChaCha20-Poly1305 AEAD cipher ('chacha20-poly1305@openssh.com') to SSH client.
• TLS Core: Added support for RSASSA-PSS signatures in TLS 1.2 when TLS 1.3 has been enabled.
• TLS Core: Avoid unwanted truncation of outgoing TLS 1.3 messages when TlsSocket is disposed.
• TLS Core: Enhanced error message when no suitable curve is available.
• TLS Core: Fixed compatibility issue with Xamarin's "Sdk Assemblies Only" option.
• TLS Core: Fixed exception type to TlsException for TLS 1.3 errors.
• TLS Core: Fixed handling of TLS 1.3 PSK-KE.
• TLS Core: Fixed check of signature algorithm in TLS 1.3 CertificateVerify.
• TLS Core: Fixed occasional failure when negotiating TLS 1.2 or lower when TLS 1.3 is allowed.
• TLS Core: Fixed order of supported signature schemes in TLS 1.3 ClientHello message.
• TLS Core: Fixed parsing of fragmented TLS 1.3 handshake messages.
• TLS Core: Fixed parsing of the TLS 1.3 KeyShare extension.
• TLS Core: Fixed potential NullReferenceException when TLS 1.3 negotiation has been interrupted unexpectedly.
• TLS Core: Fixed selection of signature algorithm used in CertificateVerify handshake messages.
• TLS Core: Not announcing support for X.509 certificates with Ed25519 or RSASSA-PSS public key OID (not supported yet).
• TLS Core: Optimizations in TLS 1.3 internals.
• Cryptography: Added workaround for bad RSA/PSS signature algorithm identifiers with missing parameters.
• Cryptography: Enabled workaround for private key loading from Mono key store in .NET Standard edition on Mono.
• Cryptography: Enhanced 'Invalid key format' error message when loading a private key.
• Cryptography: Fixed serial number handling in CertificateIssuer to conform to RFC 5280 constraints.
• Common: Binaries for .NET Standard 1.5 now use System.Collections.NonGeneric instead of custom implementations.
• Common: Enabled Xamarin.Android workarounds in .NET Standard 2.0 edition.
• Common: Improved ISafeSerializationData support detection.

2019 R4 #

(version 5.0.7244 from 2019-10-31)

Support for TLS 1.3 in Telnet

Telnet class features support for telnet over TLS 1.3.

Detailed list of changes:

• SFTP: Improved behavior of stream-based PutFile methods with DisableProgressPercentage (stream length is no longer determined).
• File Server: Enhanced handling of exceptions in custom events.
• File Server: Enhanced normalization of Windows-like paths (only applies to AcceptWindowsPaths option).
• File Server: Fixed timing out of not-yet-authenticated sessions.
• Telnet: Added support for TLS 1.3.
• TLS Core: Added support for ALPN TLS extension to TlsSocket.
• TLS Core: Added TlsBulkCipherMode.AEAD (to replace TlsBulkCipherMode.GCM).
• TLS Core: Removed support for two legacy unsecure anonymous ciphers (DH_anon_EXPORT_WITH_DES40_CBC_SHA and DH_anon_EXPORT_WITH_RC4_40_MD5).
• Cryptography: Added PkcsBase.LoadSignedOrEnvelopedData method (a replacement for deprecated PkcsBase.Load).

2019 R3.2 #

(version 5.0.7206 from 2019-09-23)

.NET Core 3.0 support

This release introduces support for .NET Core 3.0 on the following platforms:

• Windows (x64, x86, ARM32)
• Windows 10 IoT (x64, x86, ARM32)
• Linux (x64, ARM32)
• macOS (x64)

Windows 10 IoT support

This release introduces support for .NET Core 3.0 on Windows 10 IoT on x64, x86 and ARM32 platforms.

Tunneling SOCKS5 proxy server

Ssh class features new StartSocksServer method that starts a local SOCKS5 proxy server that tunnels connections through a remote SSH server.

Detailed list of changes:

• All: Added support for .NET Core 3.0.
• All: Added support for Windows 10 IoT (via .NET Core 3.0).
• SFTP: Added Settings.​PreferInteractiveAuthentication option (prefer 'keyboard-interactive' to 'password' authentication).
• SCP: Added Settings.​PreferInteractiveAuthentication option (prefer 'keyboard-interactive' to 'password' authentication).
• File Server: More common forms of ungraceful session termination are no longer logged as errors at LogLevel.Error.
• File System: Added FileServerUser constructors that accept FileSystemProvider.
• SSH Shell: Added Settings.​PreferInteractiveAuthentication option (prefer 'keyboard-interactive' to 'password' authentication).
• SSH Shell: Added Ssh.StartSocksServer method (starts a local SOCKS5 proxy server that tunnels connections through SSH).
• Terminal: Fixed VirtualTerminal.SetScreenSize to notify the server.
• SSH: Added SshGssApiCredentials.AccountName property to make it possible to specify an account name to be passed to the SSH server.
• SSH: Added workaround for legacy WS_FTP 7.x servers that encode long SSH packets improperly.
• SSH: Fixed SshChannel.SendEof method not to send EOF when channel has already been closed.
• Common: Optimized internal Task infrastructure on old .NET platforms.

2019 R3.1 #

(version 5.0.7161 from 2019-08-09)

Removed SSL 3.0 from TlsVersion.Any

TlsVersion.Any is no longer used by any Rebex library, but it might be used in custom applications. This could present a security issue because until now, TlsVersion.Any still used to contain TlsVersion.SSL30. SSL 3.0, a predecessor to TLS 1.0 protocol, has been published in 1996. It is comprehensively broken and should no longer be used. Application that still use it violate RFC 7568, which deprecated SSL 3.0 in 2015.

Detailed list of changes:

• All: Added support for serialization on Xamarin.Android and Xamarin.iOS platforms.
• SFTP: Improved logging of single-item SSH_FXP_NAME responses.
• File Server: Enhanced log to include enumerated item count when directory has been enumerated.
• Telnet: Fixed occasional logging of multiple "Received 0 byte(s) of data" messages.
• Terminal: Added check which limits color indices received from server to 256 colors to prevent an exception.
• TLS Core: Modified TlsVersion.Any to only include TLS 1.0, 1.1 and 1.2.
• Cryptography: Fixed handling of user-supplied RSACng in AsymmetricKeyAlgorithm and SshPrivateKey on modern platforms.

2019 R3 #

(version 5.0.7119 from 2019-06-28)

Support for .NET Standard 2.0 on Mono 5.14 and higher

Binaries of Rebex libraries targeting .NET Standard 2.0 are now also supported on Mono 5.14 and higher.

End of Standard Support for .NET Compact Framework 3.5 and 3.9

2019 R3 is the last release that includes support for .NET Compact Framework 3.5 and 3.9 in the standard package. Starting with 2019 R4, .NET CF 3.5/3.9 will only be supported with Legacy Editions, which will be available as separate products. See their release history.

Detailed list of changes:

• All: Binaries targeting .NET Standard 2.0 are now supported on Mono 5.14 or higher.
• SFTP: Fixed Sftp.KeepAlive() to update State and IsConnected properties on failure.
• File Server: Added dependency on Rebex.FileSystem to NuGet package for Rebex.FileServer.
• File Server: Added FileServerSettings.​MaxPendingConnectionsQueueLength (specifies the maximum queue length of the listening socket)
• File Server: Fixed rare NullReferenceException while enumerating FileServer.Sessions.
• SSH: Added SshPrivateKey.Generate(...) methods on .NET Compact Framework.
• SSH: Added workaround for broken EtM ciphers in OpenSSH 6.6.
• SSH: Enhanced GlobalScape SSH server detection.
• SSH: Enlarged upper limit for non-standard DSA keys to 8192 bits on .NET Framework and .NET Core.
• SSH: Fixed reporting of SSH_MSG_USERAUTH_GSSAPI_ERROR and SSH_MSG_USERAUTH_GSSAPI_ERRTOK responses.
• TLS Core: Added TlsCipherSuite.Fast enum value.
• TLS Core: Fixed a bug in server-side mode of TlsSocket that caused client certificate authentication to fail.
• TLS Core: Internal changes in the TLS layer (in preparation for the upcoming TLS 1.3 support on mainstream platforms).
• Cryptography: Added Certificate.GetPrivateKeyInfo() method.
• Cryptography: Added CertificateEngine.LocalMachine engine and CertificateEngine.Bind method.
• Cryptography: Added support for SHA-224 hash algorithm.
• Cryptography: Added support for X25519 key format (RFC 8410).
• Cryptography: Always using AES by default to encrypt PKCS #8 private keys.
• Cryptography: Meaningful error message for the CNG AEAD auth tag mismatch.
• Common: Optimized asynchronous continuations on modern platforms.
• Common: Upgraded Task infrastructure in Xamarin.Android binaries.

2019 R2 #

(version 5.0.7077 from 2019-05-17)

Support for Visual Studio 2019

All Rebex libraries are now fully supported in Microsoft Visual Studio 2019.

Support for .NET Framework 4.8

.NET Framework 4.8 is a fully supported platform.

Native elliptic curve cryptography on Linux with .NET Core 2.1 or higher

On Linux, binaries for .NET Standard 2.0 now utilize OpenSSL elliptic curve routines via .NET Core 2.1 (or higher), making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Detailed list of changes:

• All: Added support for .NET Framework 4.8 and Visual Studio 2019.
• All: Removed leftover Trace.Write logging.
• File Server: Added an option to make the SFTP protocol accept Windows path (only on input).
• File Server: Fixed race condition related to remote window size that could lead to hung channels.
• File System: Fixed a bug in enumeration of nested mount points in MountCapableFileSystemProvider.
• SSH: Added dummy support for SSH_MSG_EXT_INFO (RFC 8308).
• Cryptography: Added CertificationRequest.Save method.
• Cryptography: Added support for ECDSA and ECDH on .NET Core 2.1/.2.2 on Linux (no need for external plugins).
• Cryptography: Added workaround for broken export of RSA keys from the CNG providers on Windows 7.
• Cryptography: Added workaround for CRLs with redundant trailing data to CertificateRevocationList.
• Cryptography: Added workaround for legacy versions of Mono with lack of SHA-2 support.
• Common: Asynchronous infrastructure improvements.

2019 R1 #

(version 5.0.7027 from 2019-03-28)

Improved platform support

This release adds three new sets of binaries targeting the following platforms:

• .NET Core 2.0/2.1/2.2 (via .NET Standard 2.0)
• .NET Framework 4.6.x/4.7.x
• .NET Framework 3.5 SP1

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

API changes

In this release, we bumped the version to 5.0 and changed some parts of the API a bit. We removed parts of our API that have been deprecated for years, and we deprecated parts of our API that were considered outdated. Additionally, we made some missing methods available on Xamarin and .NET Standard 1.5 platforms as well.

These changes should only affect a minority of our users. If you are affected and need help, please contact us!

DSA deprecation in SFTP and SSH clients

Because DSA algorithm is now considered deprecated, we changed the preferred host key algorithm to RSA. To revert to the previous behavior, set client.Settings.SshParameters.PreferredHostKeyAlgorithm to SshHostKeyAlgorithm.DSS.

MD5 deprecation in SshFingerprint

SshFingerprint's ToString() and ToArray() methods use SHA-256 now. To revert to previous behavior, specify SignatureHashAlgorithm.MD5 when calling these methods.

Rebex.FileSystem on .NET Framework 3.5

Virtual file systems in Rebex File Server are now supported on .NET Framework 3.5 SP1 as well.

Optimized AES/GCM performance

Improved performance of AES/GCM ciphers in TLS and SSH protocols on .NET Compact Framework and non-Windows platforms.

Detailed list of changes:

• All: Added binaries targeting .NET Framework 3.5 SP1.
• All: Added binaries targeting .NET Framework 4.6 and higher.
• All: Added binaries targeting .NET Standard 2.0.
• All: Removed long-deprecated API. Deprecated legacy API.
• SFTP: Added SftpItemType.Fifo enum value.
• SFTP: Fixed SftpItem.Owner/Group properties that returned null (contrary to the documentation) when using SFTP v3.
• SFTP: GetItems() method changed to return items of unknown type instead of throwing an exception.
• File Server: Added workaround for SocketAsyncEventArgs which could be leaking memory due to a bug in .NET Core 2.0 or earlier.
• File System: Rebex.FileSystem now supports .NET Framework 3.5 SP1.
• Terminal: Enhanced an error message reported when background processing mode has been enabled and application's main message loop gets stuck.
• Networking: Fixed passing of state to the callback method in ProxySocket.BeginConnect and TlsSocket.BeginConnect.
• SSH: Changed behavior of SshFingerprint.ToString() and .ToArray() to use SHA-256.
• SSH: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
• SSH: RSA host keys are preferred to DSA host keys.
• SSH: SHA-512 is only used during SSH client authentication when the RSA key length allows it.
• SSH: SshParameters.MinimumRsaKeySize now applies to client RSA keys as well.
• SSH: Using standard form of Diffie-Hellman group exchange with GlobalScape servers.
• TLS Core: Fixed passing of state to the callback method in ProxySocket.BeginConnect and TlsSocket.BeginConnect.
• TLS Core: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
• Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.​DeriveKeyMaterial method.
• Cryptography: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
• Cryptography: Fixed handling of shared secred padding in AsymmetricKeyAlgorithm.​GetKeyMaterialDeriver.​
• Cryptography: Fixed possible NullReferenceException in CertificationRequest.​GetAlternativeHostnames method.
• Common: Fixed Certificate.Associate with permanent bind on .NET Compact Framework to ensure the key is not garbage-collected.
• Common: LocalItem constructor no longer fails on items with invalid paths.

2018 R4 #

(build 6930 from 2018-12-21)

Password and key authentication in File Server

Support for authentication with both password and public key added to Rebex File Server.

Support for yet another OpenSSH key encryption

Added support for new OpenSSH keys with AES-CTR encryption.

Detailed list of changes:

• File Server: Added support for combined (password+key) authentication.
• File System: Added NodeContent.​WasStreamClosedForcefully property to make it possible to detect files closed due to failed SFTP connection.
• Terminal: Added workaround for incompatible casings of 'Monospace' font name on Android.
• Terminal: Enhanced Alt keystroke handling and added TerminalContrl.AltKeyMode property.
• Networking: ProxySocket and TlsSocket implement IDisposable now.
• Networking: Added workaround to ProxySocket for ObjectDisposedException in Socket.ConnectAsync on .NET Core for macOS.
• SSH: Enhanced legacy group exchange autodetection.
• SSH: Fixed handling of Ssh.Encoding property.
• SSH: Fixed SshPublicKey(PublicKeyInfo) constructor that only accepted RSA or DSA keys.
• SSH: Fixed Verbose logging of interactive authentication.
• SSH: Changed SshParameters.MinimumRsaKeySize from 1024 to 1023 bits.
• TLS Core: Improved server certificate usage check.
• TLS Core: Improved TLS logging.
• Cryptography: Added support for 'BEGIN RSA PUBLIC KEY' keys (PKCS #1 / RFC 3447) to PublicKeyInfo.
• Cryptography: Added support for IP addresses in Subject Alternative Name certificate extension.
• Common: Added support for new OpenSSH key format with AES-CTR encryption.
• Common: Fixed possible certificate validation failures on some versions of Xamarin.Android.

2018 R3 #

(build 6874 from 2018-10-26)

Password-hiding in Verbose logging mode

Communication logs created with Verbose level no longer contain authentication credentials, which makes it more convenient and safer to share them with others.

Support for 'fsync@openssh.com' SFTP extension

Added support OpenSSH's fsync extension that makes it possible to ensure that modified file data has been written to disk. At client-side, this has to be enabled using Sftp.Settings.EnableFileSync property.

Added Sftp.CreateLink method

The new CreateLink method supports both symbolic links and hard links. For hard-links, the server must support OpenSSH's hardlink@openssh.com extension.

Connection-establishing API for .NET CF

Added very simple connection-establishing API for .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).

Detailed list of changes:

• All: Added password-hiding in Verbose logging mode.
• All: Added experimental support for Mono on Windows.
• All: Fixed messages of some ObjectDisposedException objects.
• SFTP: Added support for 'fsync@openssh.com' SFTP extension (enable using Sftp.Settings.FileSyncOnUpload property).
• SFTP: Added Sftp.CreateLink method (needs 'hardlink@openssh.com' extension support to create hard links).
• SFTP: Fixed minor race condition in Dispose method.
• File Server: Added support for 'fsync@openssh.com' SFTP extension.
• File Server: Enhanced logging of channel requests.
• Networking: Added simple connection manager API on .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).
• Networking: Report a meaningful error message when .NET Compact Framework's 'not a socket' issue is encountered.
• SSH: Added SshParameters.MaximumPacketSize property.
• SSH: Fixed Login not to block Dispose in Sftp, Scp and Ssh classes.
• SSH: Using UTF-8 at SSH protocol level by default in Sftp, Scp and Ssh classes.
• SSH: Added logging of SSH channel window size adjustments.
• SSH: Fixed decompression in encrypt-then-mac (EtM) MAC mode.
• TLS/SSL: TLS cipher suite being negotiated is logged as soon as possible.
• Cryptography: CertificateStore implements IEnumerable<Certificate>.
• Cryptography: Proper error is reported when trying to validate ECDSA certificates on Mono.
• Common: Added optimized thread pool on .NET Compact Framework.

2018 R2.1 #

(build 6821 from 2018-09-03)

Enhancements and bugfixes

This is a maintenance release with several bugfixes and enhancements.

Detailed list of changes:

• SFTP: Fixed aborting of Sftp object's Connect method when Dispose method has been called.
• File Server: Fixed semi-random timeout exception in SFTP subsystem on extremely fast connections.
• File Server: Added FileServer.Settings.KeepAlivePeriod to make it possible to specify that keep-alive packets are to be sent after a period of inactivity.
• File Server: Fixed range check in the setter of FileServer.​Settings.​MaxSessionDuration and FileServer.​Settings.​MaxSessionTransferredBytes properties.
• Terminal: Increased timeout for marshalling events to GUI thread when debugger is attached.
• Terminal: Added RequestedAction.​SingleWidthSingleHeightLine.​
• Terminal: Improved terminal to support new control sequences (LNM, SRM, ECH, DSR, DECSCPP, DECSLPP, DECDHL).
• Terminal: Fixed Scripting.TrimReadUntilResponse behavior when the prompt is encountered multiple times.
• Terminal: Fixed terminal recorder that used to emit wrong escape sequences in some scenarios.
• Networking: Added Proxy.HttpUserAgent property to make it possible to specify User-Agent for HTTP CONNECT proxies.
• Networking: ProxySocket methods now throw ObjectDisposedException when disposed.
• SSH: Fixed data buffering when raising SshChannel.ExtendedDataReceived event.
• Cryptography: Optimized certificate signature validation on .NET Compact Framework.

2018 R2 #

(build 6755 from 2018-06-29)

New fully supported platform: .NET Core on macOS

This release adds full support for .NET Core 2.x on macOS.

Enhancements and bugfixes

Enhancements and bugfixes in the shared functionality.

Detailed list of changes:

• All: Added support for .NET Core on macOS.
• SFTP: Improved Sftp.GetList() logging.
• SFTP: Fixed Download() method for filenames starting with backslash on Unix-like servers.
• File Server: Fixed behavior of Rename operation in virtual file systems when the source file name and the target file name differ only in letter casing.
• File Server: Fixed propagation of the custom error from the SaveContent method in virtual file systems.
• File Server: Tweaked default set of Diffie-Hellman group exchange parameters in order to be compatibile with GlobalScape clients.
• File Server: Fixed non-working combination of legacy 'diffie-hellman-group14-sha1' key exchange cipher with 'hmac-sha2-512' MAC cipher.
• Telnet: Fixed wrong handling of 0D FF sequences (not processed if preceded by 0A and reported as regular data).
• Terminal: Added TerminalControl.MouseWheelMode property.
• Terminal: Improved logging in Scripting class at LogLevel.Debug level.
• Terminal: Added additional properties to RequestedAction enumeration (useful in TerminalControl.ActionRequested event).
• Terminal: Implemented proper Ctrl+arrow handling.
• Terminal: Fixed Scripting.​Send(ConsoleKey.​Spacebar).​
• Networking: Closed ProxySocket objects throw more meaningful exception.
• SSH: Added support for additional formats to SshPublicKey.
• SSH: Fixed possible bug in SshPublicKey loading.
• SSH: Added SshPrivateKey.GetPrivateKeyInfo() method.
• TLS/SSL: Added SslSettings.​SslServerCertificateValidationOptions and SslCertificateValidationEventArgs.​Options properties.
• Cryptography: Added workaround for eToken CSP private key operations.
• Cryptography: Fixed possible 'Unexpected key algorithm' error in AsymmetricKeyAlgorithm.
• Cryptography: Fixed Certificate.​GetSignatureHashAlgorithm() for RSASSA-PSS certificates
• Cryptography: RSACryptoServiceProvider usability detection made more compatible.
• Cryptography: Fixed CertificateStore.Exists on .NET Core.
• Cryptography: Fixed Certificate.HasPrivateKey for non-silent keys.
• Cryptography: Fixed potential security vulnerability in RSAManaged class (proper padding check in signature verification).
• Common: Fixed compatibility with AWS Lambda.

2018 R1.1 #

(build 6690 from 2018-04-25)

New fully supported platform: .NET Core on Linux

This release adds full support for .NET Core 2.x on Linux.

Detailed list of changes:

• All: Added support for .NET Core on Linux.
• SFTP: Added SftpListItemReceivedEventArgs.​UserState property.
• File Server: Optimized directory content enumeration on virtual file systems.
• File Server: Fixed handling of wildcard characters on virtual file systems.
• File Server: Fixed behavior of virtual file systems when opening file in 'OpenOrCreate' mode.
• File Server: Fixed handling of missing source file in Rename operations on virtual file systems.
• File Server: Fixed race condition in ServerSession.SendMessage method (only encountered on .NET Compact Framework).
• File Server: Fixed behavior of virtual file systems when opening file in 'Create' mode with 'Read' access.
• File Server: Tweaked socket binding on .NET Core on Linux.
• Terminal: SCO character set disabled when using a UTF encoding.
• Terminal: Fixed ScriptEvent behavior on .NET Core on Linux.
• Security: FileEncryption object's EncryptionKeySize and XtsBlockSize properties are no longer ignored when using FileEncryptionAlgorithm.AesXts.
• SSH: Fixed handling of invalid data packets claiming to contain more data than their payload length.
• TLS/SSL: Fixed error raising in TlsSocket's EndSend/EndReceive methods.
• Cryptography: Enhanced error message when trying to use signing-only RSA certificate for decryption.
• Cryptography: Fixed private key exporting on .NET Core on Linux.
• Cryptography: Fixed retrieval of certificate with bound keys from store on .NET Core on Linux.
• Cryptography: Fixed possible NullReferenceException in built-in custom certificate validator on .NET Compact Framework. Could occur using CRL validation.
• Cryptography: Fixed DSAManaged.ExportParameter method that failed to export parameters with missing Seed.
• Cryptography: Added CertificateEngine.​BuildChain(Certificate) method.
• Cryptography: Current CertificateEngine's BuildChain method is now used in CMS (PKCS #7) SignedData and EnvelopedData.
• Cryptography: Added Certificate.Tag property to make it possible to associate custom objects with a particular Certificate instance.
• Cryptography: Enhanced logging in built-in custom certificate validator on .NET Compact Framework.

2018 R1 #

(build 6666 from 2018-04-01)

Additional SSH ciphers

Client-side SSH now supports AES/GCM ciphers and EtM MAC ciphers compatible with OpenSSH.

Enhancements and bugfixes

Enhancements, bugfixes and workarounds in virtual file system infrastructure and other areas.

Detailed list of changes:

• SFTP: Added Sftp.Settings.CustomCommand property.
• SFTP: Added workaround for GlobalScape servers that have issues with long data blocks.
• File Server: Fixed logging of cipher mismatch errors.
• File Server: Fixed logging of 'too many authentication attempts' error.
• File Server: Fixed behavior of 'cp' command in virtual shell.
• File Server: Retired FileServerAction.CopyFile and Rename actions (now reported as sequence of simpler actions).
• File Server: Fixed handling of custom exception in virtual file system providers.
• File Server: Added SshConsole.HasPseudoTerminal property.
• File Server: Added FileServer.​Settings.​ForceShellWelcomeMessage property.
• File Server: Treat both '\r' and '\n' as 'Enter' in terminal-less shell.
• File Server: Fixed incomplete (un)aliasing of virtual file system paths and related problems with Move operation.
• File Server: Disallowed non-empty directory removal in virtual file system.
• File Server: Added workaround for confusing sharing violation error when deleting non-empty directory on Windows Embedded Compact 7.
• File Server: Fixed buffer size in directory enumerator on .NET Compact Framework (potentially causing memory corruption).
• File Server: Fixed problems with incomplete enumeration of nodes in linked directories in MountCapableFileSystemProvider.
• File Server: Fixed handling of already-existent files in Rename/Move/Copy operations on virtual file systems.
• File Server: Added workaround for known issue in .NET Framework 4.5 ('Operation could destabilize the runtime' error).
• File Server: Added TunnelRequestedEventArgs.Session property.
• File Server: Added missing '.' and '..' entries when enumerating virtual file system directories.
• File Server: Fixed access mode when opening a files in virtual file system.
• File Server: Fixed unhelpful error message when creating a directory that already exists in a virtual file system.
• Terminal: Fixed an exception when resizing TerminalControl when the control is being disconnected.
• Security: Added low-level Xts class.
• SSH: Added support for AES/GCM ciphers ('aes128-gcm@openssh.com' and 'aes256-gcm@openssh.com') to SSH client.
• SSH: Added support for EtM MAC ciphers ('hmac-sha2-256-etm@openssh.com' and 'hmac-sha2-512-etm@openssh.com') to SSH client.
• TLS/SSL: Log deprecation warning when using SSL 3.0, which is disabled by default and should no longer be used at all.
• TLS/SSL: Added SslSettings.​SslRenegotiationExtensionEnabled option.
• TLS/SSL: Added SslSettings.​SslServerNameIndicationEnabled option.
• Cryptography: Added CryptographicCollection<T> as a base for cryptographic collection classes.
• Cryptography: Fixed possible NullReferenceException inCertificateRevocationList.​GetRevocationReason() method.
• Cryptography: Fixed PFX saving on Mono.
• Cryptography: Fixed "Unable to load DLL 'Bcrypt.dll'" error on Linux with .NET Core.
• Cryptography: Added EnhancedCertificateEngine to .NET Compact Framework version to make it possible to supply custom root certification authorities.
• Common: Enabled Certificate/​CertificateChain.​LoadPfx with AlwaysCng option on .NET Compact Framework 3.9.
• Common: Fixed rare race condition in possibly leading to NullReferenceException on .NET Core and UWP platforms.
• Common: Fixed COMException in CertificateChain.BuildFrom method on experimental UWP platform.
• Common: Built-in custom certificate validator on .NET CF no longer unnecessarily validates signature of root CA certificates that are trusted by the OS.

2017 R6.3 #

(build 6586 from 2018-01-11)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

• Cryptography: Added support for RSAES-OAEP with input parameter (label).
• Cryptography: Added support for RSAES-OAEP with mismatched hash algorithms.
• Cryptography: Fixed initialization of EncryptionAlgorithm property in MailMessage.Recipients collection items.
• Cryptography: Added support for RSASSA-PSS with mismatched hash algorithms.
• Cryptography: Fixed CNG private key conversion workaround.

2017 R6.2 #

(build 6565 from 2017-12-21)

Faster AES on Windows

Rebex libraries now use Windows CNG for AES symmetric encryption algorithm when available. CNG implementation of AES is faster and takes advantage of AES-NI instructions.

Checksum support in multi-file SFTP transfers

Sftp object's Upload and Download methods support ActionOnExistingFiles.OverwriteDifferentChecksum, making it possible to use SFTP's checksum and hashing functionality to determine which files were changed.

Please note that this functionality is only supported by servers that implement the "file-check" extension.

Detailed list of changes:

• SFTP: Added support for ActionOnExistingFiles.​OverwriteDifferentChecksum to Upload/Download methods.
• File Server: Added workaround for content streams that do not support seeking beyond the end-of-stream.
• File Server: A meaningful error message is now reported when a virtual file system operation is canceled in the preview event.
• File Server: Fixed locking of FileServer.Keys collection.
• File Server: Added Action property to FileServer.PathAccessAuthorization event arguments.
• File Server: Messages from FileSystemException error now propagate to the SFTP subsystem.
• File Server: Fixed unintended reset of ServerSession.Current when raising FileServer events.
• File Server: Fixed wrong target path passed to virtual file system Move method.
• Terminal: Added TerminalFontInfo.Bold property to make regular fonts bold.
• Security: Added overloads of XtsStream that accept file path.
• Networking: ProxySocket constructor requires a connected socket now.
• SSH: Added SshParameters.​UseLegacyGroupExchange option to make it possible to force using legacy or standard form of SSH Diffie-Hellman group exchange packet.
• SSH: Enhanced legacy group exchange autodetection.
• TLS/SSL: Fixed handling of duplicate suites in ClientHello packets.
• Cryptography: Added CertificateChain.LoadDer method to load a chain of Base64-encoded certificates.
• Cryptography: Fast CNG implementation of AES (which takes advantage of AES-NI instructions) is used when available.
• Cryptography: Added workaround for broken X509Certificate.GetPublicKey() on Mono 5.4.
• Cryptography: Added a workaround for GPG's gpgsm utility that required some SignedData fields to be DER-encoded.

2017 R6.1 #

(build 6534 from 2017-11-20)

Remote file system information

Sftp object now features GetFileSystemInfo method, which makes it possible to determine free space and other information about a remote file system drive.

Please note that this functionality only works with servers that support "space-available" or statvfs@openssh.com extension.

Native elliptic curve cryptography on Windows Embedded Compact 2013

Rebex libraries now use Windows CNG MS CNG API on .NET Compact Framework 3.9 / Windows Embedded Compact 2013, making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Detailed list of changes:

• SFTP: Added Sftp.GetFileSystemInfo method to determine free space and other drive information.
• SFTP: Fixed a bug that caused the client not to ask for access time attribute in SFTP v4 (most servers sent the attribute despite this).
• SFTP: Added workaround for ProFTPd 1.3.6's mod_sftp which sends broken response when CREATETIME attribute has been requested.
• SSH: Added SshPublicKey.LoadPublicKeys method that supports loading OpenSSH's 'authorized_keys' files.
• Cryptography: Enhanced custom CRL downloader for .NET Compact Framework to handle all 3xx redirect codes.
• Cryptography: Enhanced Certificate.LoadDer to handle files with multiple certificates (loads the first one).
• Cryptography: Enabled usage of MS CNG API in .NET Compact Framework 3.9 edition on Windows Embedded Compact 2013 when appropriate.
• Cryptography: Fixed detection of AES/GCM support.
• Cryptography: Fixed detection of native Brainpool and secp256k1 support.
• Cryptography: Added 'params' to CertificateInfo.​SetExtendedUsave/​SetAlternativeHostnames methods.
• Cryptography: Fixed null handling in CertificateInfo.MailAddress.
• Cryptography: Fixed empty block processing in AES/GCM.
• Common: Added workaround for broken Encoding.ASCII encoder on legacy Mono platforms.
• Common: Enhanced SSPI error reporting.
• Common: Fixed platform info in logs on macOS.

2017 R6 #

(build 6508 from 2017-10-25)

AES/GCM support in TLS/SSL on all platforms

We added support for TLS ciphers based on AES/GCM (AES in Galois/Counter Mode) symmetric encryption algorithm:

• ECDHE_RSA_WITH_AES_128_GCM_SHA256
• ECDHE_RSA_WITH_AES_256_GCM_SHA384
• ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• DHE_RSA_WITH_AES_128_GCM_SHA256
• DHE_RSA_WITH_AES_256_GCM_SHA384
• DHE_DSS_WITH_AES_128_GCM_SHA256
• DHE_DSS_WITH_AES_256_GCM_SHA384
• RSA_WITH_AES_128_GCM_SHA256
• RSA_WITH_AES_256_GCM_SHA384

These ciphers are available on all supported platforms including .NET Framework 2.0/3.5 and .NET Compact Framework.

Detailed list of changes:

• All: Added support for DSA key generation on .NET Core on Windows.
• SFTP: Fixed SFTP extension info parser (used to fail with some charsets).
• File Server: Fixed virtual root handling for root-based paths.
• File Server: VfsContentStream marks content as 'dirty' when its SetLength method is called as well.
• Networking: Fixed PortRange binding (an issue introduced in previous release).
• Networking: Fixed ReceiveBufferSize/SendBufferSize propagation (an issue introduced in previous release). This was observed to cause slowdown on Windows platform in some scenarios.
• Networking: Fixed handling of IP-based host names in proxy name resolving routine (an issue introduced in previous release).
• TLS/SSL: Added support for AES/GCM to TLS.
• TLS/SSL: Added TlsCipherSuite.Weak enum.
• Cryptography: Added support for RSAES-OAEP encryption to EnvelopedData/RecipientInfo objects (CMS / PKCS #7).
• Cryptography: Added support for RSAES-OAEP encryption to Encrypt/Decrypt methods in Certificate and AsymmetricKeyAlgorithm classes.
• Cryptography: Added support for DSA key generation on .NET Core 1.1 on Windows.
• Cryptography: Added support for RSASSA-PSS signatures to SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
• Cryptography: Enhanced environment info logging.
• Cryptography: Fixed KeySize property of RSAManaged and DSAManaged to return the proper size for key sizes that are not evenly divisible by 8.
• Cryptography: Added support for RSASSA-PSS signatures to SignedData/SignerInfo objects (CMS / PKCS #7).
• Cryptography: Added support for legacy MD4 algorithm.
• Cryptography: Fixed saving of Brainpool keys (used wrong OID).
• Cryptography: Fixed handling of ED25519 keys in PrivateKeyInfo.
• Cryptography: Fixed CertificateStore private key saving on Mono.
• Common: Environment info is now logged when creating an instance of FileLogWriter.

2017 R5 #

(build 6461 from 2017-09-08)

New fully supported platforms: .NET Core 1.1 and 2.0 on Windows

This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.

Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)

All Rebex libraries support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x or higher) is still experimental.

Detailed list of changes:

• All: Added support for .NET Core 1.1 and 2.0 on Windows.
• File Server: Fixed unwanted pseudo-link persistence in MountCapableFileSystemProvider.
• File Server: Fixed a possible temporary deadlock in SFTP subsystem triggered when channel's receive buffers on both client and server got full at the same time.
• Networking: Added support for "http://" URLs in Proxy.Host.
• Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
• Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
• Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
• Cryptography: Enhanced logging of some SSPI errors.
• Cryptography: Added workaround for invalid or empty HTTP header names.
• Common: Enabled SHA-2 support workaround for legacy RSA providers.
• Common: Using custom IBM 437 encoding on .NET Compact Framework.

2017 R4.1 #

(build 6426 from 2017-08-04)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds.

Detailed list of changes:

• Telnet: Added workaround for strangely-behaved YMODEM over Telnet.
• Terminal: Added TerminalControl.ScrollChanged event.
• Terminal: Added TerminalControl.ScreenPosition property.
• Terminal: Added missing disposed state check to all Scripting methods.
• Cryptography: Enhanced RSAES-OAEP support.
• Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
• Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
• Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
• Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).

2017 R4 #

(build 6391 from 2017-06-30)

Custom file system support

Rebex File Server now features a rich custom file system provider API. This can be used to implement virtual file systems, or custom file systems that store data in a database, in the cloud, or elsewhere. Additionally, the built-in mount-capable virtual file system provider makes it possible to construct virtual file systems composed from multiple unrelated providers.

Support for CNG Key Storage Providers

Rebex Certificate class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage Providers.

Detailed list of changes:

• All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
• All: Lots of improvements in experimental .NET Core / .NET Standard edition.
• SFTP: Enhanced error reporting of failed SFTP subsystem request.
• SFTP: Added workaround for Titan SFTP server which incorrectly handles uploaded blocks of 65535/65534 bytes.
• File Server: Added Rebex.FileSystem assembly with support for custom file system providers.
• File Server: Added Session property to server event arguments.
• File Server: Added GetInputStream/​GetOutputStream/​GetErrorStream methods to SshConsole. This makes it possible to implement advanced custom commands.
• File Server: Added Unix-like 'cp' (copy) command to virtual shell.
• File Server: Enhanced handling of ShellCommand event handler errors.
• File Server: Added DisconnectedEventArgs.User property.
• File Server: Implemented IDisposable in FileServer/Server classes.
• File Server: Enhanced logging of info requests for non-existent items.
• File Server: Added ServerSession.GetCurrent() static method.
• File Server: Added FileServer.​Settings.​GetItemInfoRequiresListPermission option to make it possible to specify whether item info retrieval requires List permission or Read permission.
• File Server: Enhanced handling of failed channel requests.
• File Server: Virtual root accessibility is checked before initializing the SFTP subsystem now.
• File Server: Added workaround for wrong error code reported as last error when deleting non-existent file.
• Terminal: Fixed handling of timeouts larger than 30 minutes in the scripting API.
• Terminal: Added workaround for premature events in TerminalControl on Mono.
• Terminal: Possibility to create palettes larger than 256 colors.
• Terminal: TerminalScreen.SetCell/GetCell methods accept rows smaller than zero now (to work with history buffer).
• SSH: Added SshParameters.CompressionLevel option to make it possible to specify the desired compression level for SSH.
• SSH: Deprecated SshPrivateKey.CreateSignature, VerifySignature and an old variant of the SshPrivateKey.Save method.
• SSH: Added SshPublicKey.GetPublicKeyInfo() method.
• SSH: Added SshException.GetServerInfo() method to make it possible to determine lists of ciphers supported by the server when SSH negotiation fails.
• Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
• Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
• Cryptography: Added Certificate.GetPublicKeyInfo() method.
• Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
• Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
• Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
• Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
• Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.

2017 R3 #

(build 6339 from 2017-05-09)

NuGet packages

Rebex libraries just got official NuGet packages!

If you have an active subscription, you will get NuGet packages as part of Rebex libraries. These are supposed to be added to your private NuGet repository.

Rebex packages are available at NuGet.org as well.

Experimental support for .NET Standard 1.5 and NET Core

This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex libraries.

In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex libraries can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.

Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.

Support for .NET Framework 4.7

.NET Framework 4.7 is a fully supported platform.

Underline and beam cursor styles in TerminalControl

TerminalControl supports underline and beam cursor styles in addition to the default block cursor. Use the CursorStyle property to specify the desired style.

Detailed list of changes:

• All: Added NuGet packages.
• All: Added experimental support for .NET Core and .NET Standard 1.5.
• All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
• All: Added support for .NET Framework 4.7.
• SFTP: Added Scp.Settings.ProcessCommand property to make it possible to customize the 'scp' command before it is sent to the server.
• SFTP: Added Sftp.GetHomeDirectory() method to make it possible to easily determine current user's home directory.
• SFTP: Optimized GetCurrentDirectoryAsync() method.
• File Server: Fixed unreadable packet names in some exception messages.
• File Server: Added support for single quotes in virtual shell.
• Terminal: Experimental (UI-less) support for Xamarin.Mac in Terminal Emulation library.
• Terminal: Added support for underline and beam cursors to Terminal Control (via CursorStyle property).
• Terminal: Fixed canvas resizing issue in TerminalControl when the font size has been changed.
• Terminal: TerminalControl now resets blink state while typing.
• Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
• Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
• Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
• Common: Fixed incorrect handling of CNG RSA keys.

2017 R2 #

(build 6291 from 2017-03-22)

SSH client authentication using RSA with SHA-2

All Rebex libraries utilizing our SSH library now support client public/private key authentication based on RSA with SHA-2:

• rsa-sha2-256
• rsa-sha2-512
• ssh-rsa-sha256@ssh.com

Support for Visual Studio 2017

All Rebex libraries are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Minor ISocket API changes

Legacy parts of ISocket interface were moved into ISocketExt interface. If you implemented a custom transport layer using the ISocket API, make sure to implement ISocketExt instead when upgrading to this release.

Seldom-used static methods in CryptoHelper class were removed. If you need any of them, please let us know.

Detailed list of changes:

• All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
• SFTP: Added Sftp.Settings.SkipDuplicateItems option (set to true by default).
• File Server: Fixed an issue in renegotiation that caused connection failure in some scenarios.
• File Server: Fixed incompatibilities in rsa-sha2-256/rsa-sha2-512 signature format.
• File Server: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and 'ssh-rsa-sha256@ssh.com' algorithms.
• SSH Shell: Fixed LogWriter propagation in Ssh object.
• Networking: Added logging of environment and platform information.
• Networking: Enhanced target address logging when connecting.
• Networking: HTTP core provides better inner exceptions on errors.
• Networking: Legacy members of custom transport layer API moved from ISocket to ISocketExt.
• Networking: Fixed ProxySocket.Connect(...) on Mono 2.10.
• SSH: Enhanced cipher mismatch error reporting during SSH negotiation to produce informative error messages.
• SSH: Added GetSupportedMacAlgorithms/​GetSupportedEncryptionAlgorithms/​GetSupportedKeyExchangeAlgorithms static methods to SshParameters.
• SSH: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and 'ssh-rsa-sha256@ssh.com' algorithms.
• SSH: Added OpenSSH-style fingerprint support to SshFingerprint class.
• TLS/SSL: Added support for Elliptic Curve DSA to TLS 1.2/1.1/1.0.
• TLS/SSL: Fixed unexpected connection closure handling in TlsSocket.
• TLS/SSL: Fixed handling of Timeout value in TlsSocket.Receive.
• Cryptography: Added support for Elliptic Curve DSA to Certificate/​CertificateChain/​CertificateIssuer classes.
• Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
• Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
• Cryptography: Removed seldom-used static methods from CryptoHelper.
• Cryptography: CertificateIssuer class made available on .NET Compact Framework.
• Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
• Cryptography: Enhanced CertificateIssuer API.
• Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
• Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
• Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.

2017 R1 #

(build 6249 from 2017-02-08)

Support for the new OpenSSH key format

Our SSH based libraries can now save private keys using the new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).

Detailed list of changes:

• SFTP: Enlarged default transfer queue lengths.
• SCP: Fixed ScpTransferProgressEventArgs.Id property.
• File Server: Added FileServer.​Settings.​ReceiveBufferSize and SendBufferSize properties.
• File Server: Fixed handling of several control characters in virtual shell.
• Networking: Added workaround for a breaking change in Exception.Data on recent Xamarin.iOS.
• Networking: TlsSocket.Timeout modifies the underlying ISocket.Timeout as well now.
• Networking: Slightly enhanced certificate rejection reason reporting in TLS.
• Networking: Enhanced ProxySocket connection initialization.
• SSH: Added EnsureKeyAcceptable option that instructs SSH client to announce public key to the server before performing key authentication.
• SSH: Added support for saving private keys in new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).
• SSH: Added support for "rsa-sha2-256" and "rsa-sha2-512" host key algorithms.
• SSH: Added support for "diffie-hellman-group14-sha256", "diffie-hellman-group15-sha512" and "diffie-hellman-group16-sha512" key exchange algorithms.
• TLS/SSL: Added support for Renegotiation Indication Extension (RFC 5746).
• TLS/SSL: Preferred TLS/SSL ciphers can be now defined (using TlsParameters.SetPreferredSuites method).
• TLS/SSL: Added check for private key accessibility when starting server-side TLS.
• Cryptography: Added support for ValidationOptions.UseCacheOnly on .NET CF.
• Cryptography: Substantially optimized CRL parsing code used by enhanced certificate validator on .NET Compact Framework.

2016 R3 #

(build 6198 from 2016-12-19)

Elliptic curve cryptography in SSH

All Rebex libraries utilizing our SSH library now support SSH key exchange algorithms based on Elliptic Curve Diffie-Hellman (ECDH) algorithm and SSH host key algorithms based on Elliptic Curve DSA (ECDSA) and Edwards-curve DSA (EdDSA) algorithms:

• ecdh-sha2-nistp256
• ecdh-sha2-nistp384
• ecdh-sha2-nistp521
• curve25519-sha256@libssh.org
• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• ssh-ed25519

Please note that external plugins might be needed for some of those algorithms or curves on some platforms.

New OpenSSH key format support

SshPrivateKey and PrivateKeyInfo objects can read server and client keys utilizing the new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header). This format is usually used to store ED25519 or ECDSA keys.

Fine-tuning enabled ciphers in SSH

Previously, SshParameters only made it possible to enable/disable groups of ciphers. Now, it's possible to fine-tune the list of supported algorithms, including their preferred order (client-side only) using SetKeyExchangeAlgorithms, SetHostKeyAlgorithms, SetEncryptionAlgorithms and SetMacAlgorithms methods. Please note that KeyExchangeAlgorithms, HostKeyAlgorithms, EncryptionAlgorithms and MacAlgorithms properties still apply - a cipher is only used when it is enabled by both the method and property.

Disabled weak algorithms in SSH

Several legacy ciphers are now disabled by default: diffie-hellman-group1-sha1, blowfish-ctr, blowfish-cbc, arcfour256, arcfour128, arcfour. Use SshParameters.KeyExchangeAlgorithms and SshParameters.EncryptionAlgorithms to enable them.

Weak RSA server host keys shorter than 1024 bits are now rejected by default. Use SshParameters.MinimumRsaKeySize property to specify a custom key size.

Detailed list of changes:

• SFTP: Added Sftp.GetChecksum methods (only for servers that support the "file-check" extension).
• SFTP: Changed Sftp.GetStream in UWP edition to use .NET API instead of Windows Store API.
• SFTP: ServerKey property added to Sftp/Scp objects, providing server public host key of the server.
• File Server: Renamed FileServerUser constructor's physicalRootPath argument to virtualRootPath.
• File Server: Added support for "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521" and "curve25519-sha256@libssh.org" key exchange algorithms (plugins needed to enable them).
• File Server: Proper maximum packet size used when sending channel data (instead of hardcoded value).
• File Server: Fixed rename operation that used to fail for directories located in the physical disk's root directory.
• File Server: Fixed a bug that could cause timeout and session failure during SSH session renegotiation.
• File Server: Added support for "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521" and "ssh-ed25519" host key algorithms (plugins might be needed on some platforms).
• File Server: Both RSA and DSA certificates can be used as host key at the same time.
• SSH Shell: Fixed race condition at start of SSH tunnel that might cause data corruption.
• SSH Shell: ServerKey property added to Ssh object, providing server public host key of the server.
• Telnet: Added experimental Telnet binaries for Windows Store / Universal Windows Platform.
• Terminal: Fixed TerminalControl.​CursorBlinkingInterval (could temporarily leave the cursor in 'off' state).
• Terminal: No longer waiting for channel close confirmation in TerminalControl.Dispose.
• Terminal: Added a workaround for delayed close/dispose of SerialPort class in SerialPortChannel.
• Terminal: Fixed a bug that caused TerminalControl to become unusable when its Control.RecreateHandle method has been called.
• Terminal: Fixed rare race condition in TerminalControl.Unbind.
• Security: Added FileEncryption.XtsBlockSize; fixed FileEncryption.EncryptionKeySize when using XtsAes.
• Security: XtsStream now flushes the base stream on SetLength.
• Networking: Enhanced and optimized HTTP/HTTPS client core.
• Networking: Connect/Listen methods on ProxySocket/TlsSocket objects now throw an exception when called twice on the same socket.
• Networking: Added SocketInformation constructor.
• SSH: Added support for "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521" and "curve25519-sha256@libssh.org" key exchange algorithms (plugins might be needed on some platforms).
• SSH: Added support for saving keys in new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).
• SSH: Added SetKeyExchangeAlgorithms, SetHostKeyAlgorithms, SetMacAlgorithms methods to SshParameters object to make it possible to fine-tune the list of enabled SSH ciphers.
• SSH: Legacy Diffie-Hellman group exchange is only used with legacy SSH servers.
• SSH: Added SshSession.ServerInfo property to make it possible to determine ciphers supported by the SSH server.
• SSH: Added SshPublicKey.KeySize property.
• SSH: Added SshParameters.MinimumRsaKeySize property specifying to connect only to SSH servers with RSA server key of given size or higher.
• SSH: Added support for "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521" and "ssh-ed25519" host key algorithms (plugins might be needed on some platforms).
• SSH: Disabled weak SSH ciphers by default (they can still be enabled explicitly).
• SSH: Check availability of associated private key when adding a certificate-based server host key.
• SSH: Fixed possible NullReferenceException when closing SSH client from another thread just before receiving data.
• TLS/SSL: Added support for Elliptic-Curve based TLS ciphers (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA) with NIST P-256/P-384/P-521, Curve 25519 and Brainpool P256R1/P384R1/P512R1 curves. Plugins are needed for some of those.
• TLS/SSL: Server name is now passed to TLS server during negotiation (use TlsParameters.CommonName to override it).
• TLS/SSL: Fixed TlsCipherSuite.All to include all recently added cipher suites.
• TLS/SSL: All legacy 'EXPORT1024' ciphers are now prohibited by default in addition to already-prohibited 'EXPORT' ciphers (unless AllowVulnerableSuites option is enabled).
• TLS/SSL: Fixed issues with some legacy TLS/SSL ciphers (all of them were already disabled by default).
• TLS/SSL: Enhanced error reporting in server-side TLS/SSL library.
• Cryptography: Improved ASN.1 time node parser.
• Cryptography: Added support for certificate validation on Universal Windows Platform.
• Cryptography: Added custom X.509 certificate validator for .NET Compact Framework with full SHA-2 support on all platforms.
• Cryptography: Fixed parsing of 'Intended Usage' extension when 'Decipher Only' was specified.
• Cryptography: Added static Create method to SHA256Managed/​SHA384Managed/​SHA512Managed classes on .NET Compact Framework.
• Cryptography: ValidationResult.ErrorCode deprecated and replaced with NativeErrorCode.
• Cryptography: Optimized memory usage in CMS/PKCS #7 (SingedData/EnvelopedData classes).
• Cryptography: Added missing argument checks to CertificateIssuer methods.
• Cryptography: Added support for Base64-encoded files with CRLF end-of-line sequences to CertificateChain.LoadP7b method.
• Cryptography: Fixed HMAC calculation based on SHA-384 and SHA-512 on NET Compact Framework and Mono platforms.
• Cryptography: Added Rebex.​Security.​Certificates.​CertificateEngine class to make it possible to implement custom X.509 chain building and validation engines.
• Common: Added ConsoleLogWriter for Xamarin platforms.
• Common: Added Rebex.TeeLogWriter class that makes it possible to log to multiple log writers.
• Common: Added LocalItem.GetChecksum methods and related types.

2016 R2.2 #

(build 6083 from 2016-08-26)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Detailed list of changes:

• File Server: Fixed FileUploaded/FileDownloaded events that used to be wrongly called on session failure.
• SSH: Enhanced handling of errors in FingerprintCheck event handlers.
• TLS/SSL: Fixed a rare issue in abbreviated TLS/SSL negotiation handling.
• Cryptography: Added CheckCertificate/​GetIssuingDistributionPoint methods to CertificateRevocationList class and ValidateRevocationList method to Certificate class.
• Cryptography: Enhanced SHA-2 support check on .NET Compact Framework.
• Cryptography: Fixed SHA-2 support in AsymmetricKeyAlgorithm.SignHash on Windows Server 2008 (and possibly other old platforms).
• Common: Added workaround for broken FileStream.SetLength on some .NET Compact Framework platforms.

2016 R2.1 #

(build 6054 from 2016-07-28)

Fixed RSA-based session negotiation in File Server

In 2016 R2, File Server always attempted to use RSAManaged to create an RSA signature instead of using RSACryptoServiceProvider whenever possible.

Experimental support for Universal Windows Platform in File Server

Rebex File Server binaries for Universal Windows Platform are now available. Supported platforms include Windows 10, Windows 10 Mobile, Windows 10 IoT and possibly Xbox One. (Experimental binaries of other Rebex libraries - SFTP, FTP/SSL, Time, ZIP, File Transfer Pack, Terminal Emulation - have been available since 2016 R1.)

Maintenance release

This is a maintenance release with enhancements and fixes in the shared functionality.

Detailed list of changes:

• File Server: Added FileServer.Settings.ShowHiddenItems option that makes it possible to show file system items with 'hidden' flag from directory listings.
• File Server: Added experimental File Server binaries for Universal Windows Platform.
• File Server: Added support for extremely verbose incoming packet logging (log level 0).
• File Server: Fixed handling of connection protocol packets received during renegotiation.
• Networking: Fixed ProxySocket.ToEndPoint to throw a more meaningful exception for entries with no IP addresses.
• TLS/SSL: Fixed unreadable TLS debug log messages on Xamarin platforms.
• TLS/SSL: Added workarounds for bugs in Microsoft Schannel implementation of DHE_RSA_* ciphers related to incorrect padding processing.
• Cryptography: Fixed AsymmetricKeyAlgorithm.SignHash (in 2016 R2, it falls back to RSAManaged without trying to use RSACryptoServiceProvider first).
• Cryptography: Fixed CertificateIssuer.​IssueRevocationList method that ignored signatureHashAlgorithm argument and always used SHA-1.
• Common: FileLogWriter on Windows Store 8.x / Universal Windows Platform is now thread-safe.
• Common: Fixed LocalItem(string) constructor on Windows Store 8.x / Universal Windows Platform.
• Common: Added workaround for broken handling of surrogate pairs when converting to "iso-8859-1" using System.Text.Encoding on Mono 4.x.

2016 R2 #

(build 6026 from 2016-06-30)

Support for Xamarin June 2016 Update

June 2016 update of Xamarin.iOS/Xamarin.Android/Xamarin.Mac introduced a breaking change in Mono.Security API that broke compatibility with Rebex libraries. This issue has been solved in this release.

SHA-2 for all supported .NET Compact Framework platforms

SHA-1 is currently being deprecated (applies to X.509 certificates, TLS/SSL and SSH), which poses a problem for legacy .NET Compact Framework platforms based on editions of Windows CE with no native SHA-2 support. To make solutions for these platforms compatible with current TLS/SSL and SSH serves, we added a custom implementation of SHA-2 for these legacy platforms.

Telnet/SSL

Support for Telnet over TLS/SSL has been added. Supported TLS/SSL versions: SSL 3.0, TLS 1.0, 1.1, 1.2.

YMODEM file transfers

Terminal Emulation library now supports legacy terminal-based YMODEM file transfer protocol.

Additional SSH host key algorithms

Support for 'x509v3-sign-dss', 'ssh-rsa-sha256@ssh.com' and 'x509v3-sign-rsa-sha256@ssh.com' host key algorithms has been added to SFTP, SCP, SSH and File Server libraries.

Detailed list of changes:

• SFTP: Improved Disconnect method on .NET CF to make sure the connection is closed gracefully.
• File Server: Enhanced error reporting when trying to delete non-empty directories.
• File Server: Fixed data buffering in SFTP subsystem.
• File Server: Ssh object now properly closes tunnel listeners when disposed.
• File Server: Added MaxSessionTransferredBytes and MaxSessionDuration settings to specify when to trigger session renegotiation.
• File Server: Added FileServer.Settings.UseLargeBuffers option.
• File Server: Added support for additional server authentication algorithms ('x509v3-sign-dss', 'ssh-rsa-sha256@ssh.com' and 'x509v3-sign-rsa-sha256@ssh.com').
• File Server: Fixed compatibility with Bitvise SSH Client related to text mode.
• File Server: Fixed error handling in SSH tunnel starter.
• File Server: Fixed possible NullReferenceException on connection failure.
• File Server: Added ClientSoftwareIdentifier to PreAuthenticationEventArgs and AuthenticationEventArgs.
• SSH Shell: Incoming SSH tunnels are now properly handled on explicitly-bound Ssh objects.
• SSH Shell: Fixed Ssh.Timeout to set inner session timeout as well.
• Telnet: Added TelnetEscapesCarriageReturn option that specifies whether to send <CR> or <CR><NUL>.
• Telnet: Added KeepAlive method to Scripting object.
• Terminal: VirtualTerminal class is no longer sealed.
• Terminal: Added support for YMODEM file transfers.
• Terminal: Fixed Telnet to treat incoming <CR><NUL> sequences as <CR>.
• Terminal: Added support for Telnet/SSL (Telnet secured with TLS or SSL).
• Terminal: Extended range of palette index argument of TerminalOptions.SetColorIndex method from 0-15 to 0-255.
• Terminal: Added EnableMouseWheel option to TerminalControl (makes it possible to disable mouse wheel scrolling).
• Terminal: Fixed scrolling to history buffer when resizing the terminal control.
• Terminal: Improved ScriptEvent.Delay and ScriptEvent.Duration processing.
• Terminal: Better logging in Scripting API.
• Networking: Increased default receive buffer size on Windows 8 and higher. Added related Proxy properties to make this configurable.
• Networking: ProxySocket object's Connect method now uses the timeout value specified by the Timeout property.
• SSH: Added support for additional server authentication algorithms ('x509v3-sign-dss', 'ssh-rsa-sha256@ssh.com' and 'x509v3-sign-rsa-sha256@ssh.com').
• SSH: Disabled hmac-sha96 SSH cipher in FIPS mode (it's not compliant).
• SSH: Fixed error handling in queued background calls (mostly applies to session renegotiation).
• SSH: Fixed renegotiation handling to allow renegotiation while authenticating.
• SSH: Fixed DSA client certificate authentication.
• SSH: Enhanced interactive authentication support to handle uppercase password prompts.
• TLS/SSL: Enhanced SHA-2 support for .NET Compact Framework. SHA-256, SHA-384 and SHA-512 are now supported even on platforms with no native SHA-2 support.
• TLS/SSL: Added Settings.SslSession property to allow resuming specific TLS/SSL sessions.
• TLS/SSL: Fixed record layer 'protocol version' handling.
• TLS/SSL: Enhanced Diffie-Hellman key exchange logging.
• Cryptography: Fixed detection of native SHA-2 support in .NET Compact Framework version.
• Cryptography: Added support for more variants of OpenSSL/OpenSSH (SSLeay) key files.
• Cryptography: Fixed Certificate.Associate to work with DSA keys.
• Cryptography: Added CrlNumber property to CertificateRevocationList object.
• Cryptography: Added support for SHA-2 certificates to Certificate.VerifyHash in .NET Framework 2.0 on Windows with FIPS-compliant mode enabled.
• Cryptography: Certificate.LoadPfx and CertificateChain.LoadPfx methods now specify Exportable options by default (in addition to UserKeySet).
• Cryptography: Added workaround for RSA implementations that reject rare signatures shorter than the key size.
• Common: Enhanced SSPI error messages.
• Common: Fixed LogWriterBase.Level default value.
• Common: Fixed compatibility issue in Xamarin edition (caused by a breaking change in June 2016 update of Xamarin).

2016 R1.1 #

(build 5885 from 2016-02-10)

Experimental assemblies for Xamarin.Mac

Added experimental binaries of most Rebex libraries (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for Xamarin.Mac platforms. They are suitable for targeting Xamarin.Mac Mobile Framework and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

Experimental binaries of most Rebex libraries (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for the Xamarin.Mac platform are now available. They are suitable for targeting both Xamarin.Mac Mobile and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

This release includes several hotfixes.

Detailed list of changes:

• SSH Shell: Specified default values for SshParameters properties (fixes issues with SshTerminalCotrol and Visual Studio 2015's designer).
• SSH Shell: Fixed handling of failed reverse tunneling attempts.
• SSH Shell: Fixed "postponed-close" workaround for servers with broken SSH channel closure.
• Security: Reusing FileEncryption.Encrypt with different encryption algorithms is now supported without changing the password.
• SSH: Fixed seldom-used SshSession.Connect(string, int) method that was freezing since 2016 R1.
• SSH: Added workaround for older version of Bitvise server that don't properly handle SSH channel closing.
• SSH: Fixed handling of multi-line SSH banner messages.
• SSH: Fixed a bug in SSH channel window size adjustment.
• SSH: Fixed potential NullReferenceException error in SshSession.Dispose method.
• TLS/SSL: Disabled any usage of MD5 in TLS 1.2 to prevent SLOTH attacks.

2016 R1 #

(build 5855 from 2016-01-11)

SSH tunneling (port forwarding)

Terminal Emulation library now features a simple-to-use API for SSH tunneling (port forwarding). Support for outgoing SSH tunnels (port forwarding) was added to File Server library as well.

Experimental assemblies for Windows Store Apps

Experimental binaries of many Rebex libraries (SFTP, FTP/SSL, Time, ZIP, File Transfer Pack, Terminal Emulation) for "Windows 8 Store", "Windows 8.1 PCL", and "Windows Universal Platform" are now available. The are suitable for "Store Apps" targeting Windows 8.0, Windows 8.1, Windows Phone 8.1, Windows 10, Windows 10 Mobile and Windows 10 IoT.

Mitigation of Logjam attacks

Check for minimum allowed Diffie-Hellman key size (1024 bits) has been added to SSH and TLS/SSL to mitigate Logjam attacks. The minimum value can be changes using Settings.SslMinimumDiffieHellmanKeySize or Settings.SshParameters.MinimumDiffieHellmanKeySize.

File upload/download events in File Server

Added FileUploaded and FileDownloaded events to make it easier to track uploads and downloads.

Server certificate authentication in SSH

Rebex SFTP, Terminal Emulation and File Server now support X.509 certificate host key algorithm, making it possible to authenticate servers using a certificate instead of public key.

Enhanced virtual shell support

File Server's virtual shell infrastructure offers Empty shell in addition to Scp shell. It provides no predefined commands (with the exception of exit), making it simple to provide a custom set of commands instead.

Detailed list of changes:

• All: Added workaround for Xamarin.Android whose Dns.GetHostEntry resolves 'localhost' to device's external IP address.
• All: Rebex assemblies are now signed with SHA-256 signatures in addition to legacy SHA-1 signatures.
• SFTP: Enhanced error message reported by ChangeDirectory when trying to change into a non-existing directory.
• File Server: Added port forwarding (TCP tunneling) support.
• File Server: Enhanced logging of handle-based file system operations (such as closing a file).
• File Server: IsRunning property added to Server/FileServer objects.
• File Server: Added FileUploaded/FileDownloaded events.
• File Server: Starting a server with no bindings now triggers an error.
• File Server: Fixed wrong session ID in SFTP error log entries.
• File Server: Fixed handling of empty folders on Windows CE.
• File Server: Fixed bad P/Invoke declaration (applies to Windows platforms).
• File Server: Enhanced error reporting in SFTP and SCP and fixed several wrong error codes.
• File Server: Fixed file delete operation that used to report success when deleting non-existent file on non-Windows platforms.
• File Server: Fixed compatibility issues with libssh2.
• File Server: Added proper data window size checks.
• File Server: Added workaround for wrong error code reported as last error when deleting non-existent file.
• File Server: Added workaround for Open with Create+Read in .NET-based virtual file system.
• File Server: Fixed Unbind method that occasionally triggered an error.
• File Server: Added FileServerProtocol.Shell (replaces FileServerProtocol.Scp). Makes it possible to choose between SCP shell and empty shell when constructing a user object.
• File Server: Enhanced error handling during initialization. Early closed connections no longer leave the server in an unusable state.
• File Server: Added workaround for buggy (or malicious) clients that send incomplete disconnect requests.
• File Server: Added logging of successful and failed authentication attempts.
• File Server: Added workaround for Windows CE with missing Enhanced DSS and Diffie-Hellman Cryptographic Provider (managed and slow implementation of Diffie-Hellman is used in this case).
• File Server: Fixed FileServer constructor (used to fail when default charset was multi-byte but not UTF-8).
• File Server: Unified ShellCommandEventArgs.User and SshConsole.User types.
• File Server: Added support for certificate-based server authentication (using 'x509v3-sign-rsa algorithm').
• File Server: Enhanced key negotiation error logging.
• File Server: Added workaround for Xamarin.Android where it was possible to open a non-existing directory.
• SSH Shell: Added easy-to-use SSH port forwarding (TCP tunneling) API.
• SSH Shell: Support for zsh shell added to Shell object's well-known-shell mode.
• Terminal: TerminalControl.SelectionChanged raised on double and triple clicks as well.
• Terminal: Improved behavior of 'CSI J' sequence.
• Terminal: Fixed inappropriate "Object never unlocked" error.
• Terminal: Fixed handling of lone CR characters.
• Security: Added XtsSettings class (passed to XtsStream constructor) to make it possible to specify additional options such as key size.
• Security: Added FileEncryption.EncryptionKeySize property to make it possible to specify encryption algorithm's key size.
• Networking: Fixed a bug in SOCKS4/SOCKS5 response reading code that triggered an infinite loop with buggy proxy servers.
• Networking: Enhanced DNS resolution error messages.
• SSH: Enhanced interactive authentication support to make it possible to use AuthenticationRequest event to ask for username and password.
• SSH: Enhanced rejected authentication logging and error reporting.
• SSH: Fixed compatibility with old versions of OpenSSH (2 and 3).
• SSH: Fixed a bug that could cause a deadlock in packet sending routine.
• SSH: Added SshParameters.​MinimumDiffieHellmanKeySize value (set to 1024 by default to mitigate Logjam attacks).
• SSH: SshPrivateKey constructor's 'password' argument made optional.
• SSH: No exception is thrown when the server aborts connection instead of closing it (unless a packet is being received).
• SSH: Enhanced 'no common algorithms' error message.
• SSH: Refactored SSH core to handle multi-thread scenarios more efficiently.
• SSH: Added certificate-based constructor to SshPublicKey class.
• SSH: Added support for certificate-based server authentication (using 'x509v3-sign-rsa algorithm').
• SSH: Fixed misleading error message when user interactive authentication attempt is rejected.
• SSH: Added support for one additional 'keyboard-interactive' authentication prompt ('Password for [user@server]:').
• SSH: Added Settings.PostponeChannelClose option to enable workaround for servers that send channel data or exit code after the channel has been closed.
• SSH: Added EnableSignaturePadding option that forces signature padding (workaround for SSH servers that got signature padding wrong).
• SSH: Added logging of debug messages received from SSH server.
• TLS/SSL: TLS 1.2 made compatible with Microsoft's implementation.
• TLS/SSL: Fixed client certificate authentication in TLS 1.2.
• TLS/SSL: Added Settings.​SslMinimumDiffieHellmanKeySize value (set to 1024 by default to mitigate Logjam attacks).
• TLS/SSL: Added reliable detection of SHA-2 certificate support.
• Cryptography: Enhanced cryptographic provider initialization error message.
• Cryptography: Added workaround for PuTTY keys with bad data at the end.
• Common: Fixed multi-file operations to never modify input FileSet's BasePath.
• Common: ThreadPool is now used to handle background operations instead of a custom implementation.
• Common: Enhanced multithread operation support in log writers.

2015 R4.1 #

(build 5715 from 2015-08-24)

Fixed Xamarin mobile platform detection

Fixed platform detection code on Xamarin.iOS and Xamarin.Android.

Detailed list of changes:

• All: Fixed platform detection on Xamarin.Android and Xamarin.iOS.
• All: Version and platform added to assembly description.

2015 R4 #

(build 5700 from 2015-08-09)

Support for Windows 10, .NET Framework 4.6 and Visual Studio 2015

All Rebex libraries now ship with full support for Windows 10, .NET Framework 4.6 and Microsoft Visual Studio 2015. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Faster TLS/SSL and SSH negotiation on Xamarin.Android

Our SSH and TLS/SSL libraries now use Java-based Diffie-Hellman on Xamarin.Android, which substantially speeds up SSH and TLS/SSL negotiation when Diffie-Hellman algorithm is used.

Improved TerminalControl performance

TerminalControl is now even faster - we significantly improved scrolling speed when receiving lots of data. Just try sending "ls -lR /" to a Unix-like server to see this in action.

Cursor blinking and custom colors

TerminalControl now supports cursor blinking and makes it possible to customize the cursor color as well.

Detailed list of changes:

• All: Enhanced platform detection code.
• SFTP: Fixed Sftp.AbortTransfer to support value type states.
• SFTP: DownloadBufferSize, DownloadQueueLength, UploadBufferSize and UploadQueueLength added to Sftp.Settings.
• SFTP: Added workaround for a bug in GlobalScape 7.1.x which sends erroneous empty data packets to the client.
• SFTP: Fixed ObjectDisposedException that might have occurred when an SSH channel has been closed in a certain way.
• SCP: Fixed treatment of additional special characters in remote paths.
• File Server: Added support for UNC paths.
• File Server: Fixed issues with HMAC-SHA1 and HMAC-MD5 in FIPS-only mode.
• File Server: Added support for message authentication algorithms based on SHA-2 on .NET Compact Framework (when supported natively).
• File Server: Fixed handling of "empty" read requests (used to send back EOF instead of an empty block).
• File Server: Enhanced subsystem shutdown process to prevent exception messages in the log.
• File Server: LogLevel for SFTP filesystem errors lowered from Debug to Verbose.
• Terminal: Significantly improved scrolling speed when receiving lots of data.
• Terminal: Better handling of switching view buffers with different escape sequences.
• Terminal: Fixed ScriptMatchInfo.Position that used to be the position of a second character of a match.
• Terminal: Added support for cursor color changing and blinking.
• Terminal: Added workaround for clipboard-related errors.
• Terminal: Add TerminalColor static class that defined color constants.
• Terminal: Added TerminalControl.ScreenResize event that is raised when the terminal screen size has been changed.
• Security: Added support for public/private key encryption to XtsStream.
• SSH: Added Settings.TryPasswordFirst and Settings.​WaitForServerWelcomeMessage workarounds to Scp and Ssh.
• SSH: Added support for message authentication algorithms based on SHA-2 on .NET Compact Framework (when supported natively).
• SSH: Fixed NullReferenceException thrown by some SshSession properties (such as IsConnected) when not connected.
• SSH: SHA-2 is now the preferred message authentication algorithm.
• SSH: Added logging of SSH packet header data on decoding error.
• SSH: Added support for larger SSH packets.
• TLS/SSL: Unified status handling in ValidatingCertificate events and ICertificateVerifier interface.
• TLS/SSL: Enhanced TLS/SSL version mismatch handling.
• Cryptography: Fixed final empty block handling in Twofish/Blowfish/ArcTwo TransformFinalBlock with PKCS #7 padding.
• Cryptography: SSH and TLS/SSL now use Java-based Diffie-Hellman objects on Xamarin.Android platform to speed up negotiation.
• Common: Fixed end-of-line sequences in LogWriterBase, optimized FileLogWriter.
• Common: Added workaround for broken ASN.1 time values with the second part of "60".

2015 R3.1 #

(build 5584 from 2015-04-15)

File Server bugfixes

Two bugs have been fixed in Rebex File Server. One bug caused errors in WinSCP while uploading files over SFTP, another bug made it impossible to create files and directories whose names contained whitespaces when uploading over SCP.

Detailed list of changes:

• File Server: Fixed SFTP file creation that was not compatible with WinSCP.
• File Server: Fixed SSH packet names in verbose log.
• File Server: Fixed handling of filenames with whitespaces in SCP.
• File Server: Disabled legacy "arcfour" SSH cipher by default.
• SSH: Disabled legacy "arcfour" SSH cipher by default.
• SSH: Fixed a bug that caused an algorithm list set by Settings.​SshParameters.​SetEncryptionAlgorithms to be ignored in FIPS-compliant mode.

2015 R3 #

(build 5577 from 2015-04-08)

New library - Rebex File Server

Rebex File Server is an SFTP, SCP and SSH server library. It provides secure remote file system access over an SSH channel using the SFTP or SCP protocols and makes it simple create an SFTP server that can be used by Rebex SFTP or any third-party SFTP, SCP or SSH client. Supports .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android. Available as a standalone package or as a part of Rebex File Transfer Pack, Rebex SSH Pack or Rebex Total Pack.

Detailed list of changes:

• All: Fixed Version property of Ftp, Imap, Pop3, Scp, Sftp, Smtp and Ssh classes to return a proper version number. Changed Ftp.Version to a static propery to match the other objects.
• SCP: Added missing Scp.Login(SshGssApiCredentials) method and related events.
• File Server: Initial release.
• Terminal: ScriptEvent.Duration makes it possible to limit the amount of time to wait for a response.
• SSH: Enhanced some authentication error messages.
• TLS/SSL: Disabled ciphers based on RC4 to prevend Bar Mitzvah attack on TLS/SSL.
• Cryptography: Enhanced weak signature algorithm detection during certificate validation on Xamarin.iOS.
• Common: Connect methods no longer require FileIOPermission (used to determine the assembly version for a log).

2015 R2 #

(build 5555 from 2015-03-17)

Maintenance release

This update brings several enhancements and bugfixes.

Detailed list of changes:

• SCP: Fixed escaping of round brackets in remote paths.
• Terminal: Fixed Scripting.DetectPrompt logging at Verbose level.
• Terminal: Ssh.Login method can now be called again when authentication fails.
• TLS/SSL: Added support for TLS 1.2.
• TLS/SSL: Added support for AES ciphers with SHA-256 checksums.
• TLS/SSL: Disabled legacy 'exportable' ciphers (by default) to prevent FREAK security exploit.
• Cryptography: Added support for SSLeay private keys with AES-256-CBC encryption.
• Cryptography: Fixed broken HashSize property in SHA-2 CSP on .NET Compact Framework.

2015 R1 #

(build 5512 from 2015-02-02)

Support for Xamarin Unified API

Added support for the new Unified API. This includes unified 32-bit and 64-bit platform support and makes it simple to share code between iOS and Mac.

Detailed list of changes:

• All: Added support for Xamarin.iOS unified API.
• SFTP: Added Sftp.Settings.LogChecksums option that makes it easily possible to log checksums of uploaded files.
• SFTP: Fixed listing of root-level wildcard paths.
• SFTP: Added Sftp.CreateSymlink method.
• Terminal: Unified the treatment of TerminalOptions argument in StartVirtualTerminal and StartScripting methods.
• Terminal: Enhanced TerminalScreen.GetRegionText method to work with history buffer as well; added ITerminal.HistoryLength property.

2014 R3 #

(build 5466 from 2014-12-18)

UI-less terminal for Xamarin.Android, Xamarin.iOS and .NET Compact Framework

Terminal goes mobile. It's now possible to use UI-less terminal classes on iOS, Android and .NET Compact Framework . This includes VirtualTerminal, rich scripting API, remote exec, terminal emulation and other features.

Serial port connection support in Terminal Emulation

Terminal emulation features a new API for connecting to devices via serial RS-232 cable .

Detailed list of changes:

• All: Added more overloads to asynchronous Connect and Login methods.
• All: Removed legacy Connect methods and enumerations from Xamarin.iOS and Xamarin.Android version (should never have been there).
• SFTP: Added workaround for Axway's strangely-behaved SSH_FXP_OPENDIR command.
• SFTP: Added workaround for WS_FTP's problematic SSH_FXP_REALPATH command.
• SFTP: Enhanced SFTP client to work nicely with Rebex File Server.
• Telnet: Added serial port (RS-232) support.
• Telnet: Removed Telnet.StartScripting(string command, ...) method (should never have been there).
• Terminal: Headless terminal emulation now supported on Xamarin.Android, Xamarin.iOS and .NET Compact Framework.
• Terminal: Added support for custom screen renderers (IScreen interface).
• Terminal: Added FunctionKey.Tab.
• Terminal: Scripting.DetectPrompt() supports encapsulated prompt in parenthesis.
• Terminal: Fixed a bug in Ssh.StartVirtualTerminal method that can cause a NullReferenceException or invalid initialization of screen resolution.
• Terminal: Terminal in rare cases rendered only first column of the response.
• Terminal: Scripting.DetectPrompt() supports '/n' (LF) Prompt in response to ENTER.
• Terminal: In rare cases cursor had not been rendered.
• Terminal: Added "round arc box" characters support - rendered as "rectangular arc box" characters.
• Terminal: Scripting reading methods does not throw an exception when connection is closed. It is reported as a valid state.
• Terminal: Fixed unwanted sharing of one TerminalPalette instance between two or more TerminalControl controls.
• SSH: Enhanced SshPublicKey constructor to accept base64-encoded public key data.
• SSH: Added workaround for wrong SSH_MSG_USERAUTH_PK_OK packet in Cisco SSH.
• TLS/SSL: TLS 1.1 is now used by default in TLS/SSL-enabled libraries. Legacy SSL 3.0 support is disabled by default.
• TLS/SSL: Added experimental support for AES and Twofish based anonymous ciphers.
• Cryptography: Fixed SymmetricKeyAlgorithm.Padding for non-CBC modes.
• Cryptography: Added support for base-64 encoded P7B certificate chains.
• Cryptography: Changed padding of parameters exported by DSAManaged.ExportParameters to match DSACryptoServiceProvider.
• Cryptography: Added AsymmetricKeyAlgorithm.PublicOnly property.
• Cryptography: Added workaround for non-working HMACSHA256/384/512 on some FIPS-only systems.
• Cryptography: Added CertificateExtension.​EnhancedKeyUsage method Useful when constructing certificate requests using CertificateRequest object.
• Cryptography: Fixed DiffieHellmanManaged.KeySize that sometimes reported shorter bit lengths.
• Cryptography: Several new AsymmetricKeyAlgorithm-based methods added to Certificate and CertificationRequest.
• Common: Added LocalItem.Attributes property.
• Common: PKCS #12 key loading routines changed to not persist keys in Windows key storage by default.
• Common: Added ConsoleLogWriter, a console-based log writer class.

2014 R2 #

(build 5298 from 2014-07-03)

New scripting API

Powerful new scripting API makes it much easier to control remote terminals programmatically.

Terminal emulation performance enhancements

The updated TerminalControl is faster and much more responsive.

Detailed list of changes:

• All: Eliminated "Unknown heap type" warnings in Mono.
• SFTP: Added Sftp.​Settings.​DisableRealPathWorkaround option to disable workaround for WS_FTP SSH_FXP_REALPATH bug.
• SFTP: Added workaround for SFTP servers that report duplicate extensions.
• Terminal: Added powerful new scripting API.
• Terminal: Clearing the screen moves its current content to history buffer.
• Terminal: Added TerminalOptions.RemoteCommand to make it possible to launch a command instead of shell.
• Terminal: Substantial performance enhancements in TerminalControl.
• Terminal: Enhanced handling of strange cursor enable mode command.
• Networking: Enhanced logging of failed certificate validation errors.
• Networking: Fixed ProxySocket's Connect method behavior with disabled timeout.
• TLS/SSL: Enhanced TlsVersion and TlsCipherSuite parameters checking.
• TLS/SSL: Fixed alert names in TlsException messages.
• Cryptography: Added Load, Save and Generate methods to PrivateKeyInfo and PublicKeyInfo classes.
• Cryptography: Enhanced CertificationRequest class to support request generating in addition to parsing.
• Cryptography: Fixed behavior with disabled UseFipsAlgorithmOnly on FIPS-only systems.

2014 R1 #

(build 5171 from 2014-02-26)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Detailed list of changes:

• All: Various small low-level optimizations.
• SFTP: Added Sftp.​Settings.​TreatUnknownItemsAsFiles property (workaround for SFTP serves that return invalid item type values).
• Terminal: Enhanced line characters rendering.
• Terminal: Added support for word/line selection to block selection mode.
• Terminal: Lines with a single character at position 0 are now properly added to history buffer.
• Terminal: Enhanced history buffer behavior when resizing.
• Terminal: Fixed a bug that caused a selection to remain visible after the window content has scrolled and a new selection was made.
• Terminal: Optimizations in escape sequence decoder code.
• Security: FileEncryption.Encrypt an Decrypt methods no longer dispose the target stream.
• Networking: Added static NetworkSession.DefaultLogWriter property to make it easily possible to set a shared log writer for all Ftp/​Sftp/​Imap/​Smtp/​Pop3/​Scp/​Ssh/​SshSession objects.
• Networking: Enhanced logging capabilities of ProxySocket class (Socket4/Socks5 proxies).
• SSH: Added support for SHA-2 (SHA-256 and SHA-512) message authentication codes.
• SSH: Enhanced CTR mode workaround for OpenSSH 4.x.
• SSH: Fixed missing MAC algorithm ID in SshCipher.ToString().
• SSH: Standard form of SSH_MSG_KEX_DH_GEX_REQUEST packets is used with recent OpenSSH servers instead of its legacy form.
• TLS/SSL: Added new Certificate-based CertificateRequestHandler.​CreateRequestHandler overloads.
• Cryptography: Fixed a bug in MD5SHA1 signature validation on .NET Compact Framework.
• Cryptography: Fixed AES CSP availability detection in FIPS-compliant mode.
• Cryptography: Fixed sorting of PKCS #7 signature attributes.
• Cryptography: Added support for AES-128-CBC SSLeay private keys.
• Cryptography: Added workaround for certificates and keys in Base64-encoded format ending with a zero octet.
• Common: Assemblies made more obfuscator-friendly.
• Common: Fixed null value comparisons in FileSystemItemComparer.

2013 R3 #

(build 5085 from 2013-12-02)

Support for Xamarin.iOS and Xamarin.Android

Rebex libraries now support Xamarin.iOS and Xamarin.Android, making it possible to target iPad/iPhone and Android devices! (The only exception is the Terminal Emulation library whose TerminalControl object relies heavily on Windows Forms and is only available for Windows and Linux at the moment.)

Support for .NET Compact Framework 3.9

In addition to .NET CF 2.0 and 3.5, we now support .NET CF 3.9 as well. This makes it possible to target Windows Embedded Compact 2013, Microsoft's latest incarnation of Window CE.

Assemblies for every supported platform for all

With every purchase, you now get binaries for all supported platforms. Users with active support contract were upgraded for free. This will make it easy to embrace the new trends - we offer a single API that works with .NET, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

Support for Visual Studio 2013

All Rebex libraries now ship with full support for Microsoft Visual Studio 2013. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Detailed list of changes:

• All: Xamarin.iOS and Xamarin.Android officially supported in all libraries except Rebex Terminal Emulation.
• All: .NET Compact Framework 3.9 officially supported.
• All: Visual Studio 2013 officially supported.
• SFTP: SftpBatchTransferException made obsolete (use SftpException instead).
• SFTP: Fixed timeout handling in Sftp.Connect method.
• SFTP: Added Sftp.​Settings.​DisablePathNormalization option.
• SFTP: Added Sftp.Setting.RecheckItemExistence option to verify remote item existence before using it.
• SFTP: Fixed assignment of default reaction in response to a problem encountered during Upload/Download methods.
• SCP: Upload and Download methods added to Scp object to replace PutFiles and GetFiles methods.
• SSH Shell: Fixed a bug in Ssh.GetConnectionState() method causing NullReferenceException to be thrown in rare scenario.
• Telnet: Fixed TelnetShellChannel.Poll which used to return NoData too early in some cases.
• Terminal: Added workaround for delayed key events after switching windows.
• Terminal: Added TerminalFontInfo object to make font positioning of TerminalFont more configurable.
• Terminal: Added PuTTY-style doubleclick&drag and tripleclick&drag support.
• Terminal: Added support for extending selection by holding the shift key.
• Terminal: Added TerminalControl.DataProcessingMode property to replace TerminaProcessingMode.
• Terminal: Improved prompt detection in Shell object.
• Terminal: Added workarounds for badly-positioned fonts (small Consolas and Lucida Console).
• Terminal: Added Copying and Pasting events to TerminalControl.
• Terminal: Block copy to clipboard no longer adds a newline sequence.
• Terminal: Compatibility enhancements in Shell.SendCommand method's long command handling.
• Terminal: Better handling of invalid UTF-8 characters when receiving.
• Terminal: Added support for server requests for CP437 charset usage.
• Terminal: Enhanced session recording (stores information about current charset).
• Terminal: Support for shells which send backspace (\b) characters in command echo added to Shell class.
• Terminal: Empty lines are excluded from prompt-matching in Shell class.
• Terminal: Escape sequences now removed before prompt-matching.
• Terminal: VT52 mode is only detected from TerminalName if TerminalType is set to Ansi.
• Terminal: Enhanced VT100 emulation and added support for custom TAB stops, DECOM and DECALN.
• Terminal: Optimized data sending methods to better handle function keys on Pick terminals.
• Terminal: Enhanced double click (word) selection. Non-letter and non-digit characters except '_', '-', '.' and '/' are no longer treated as word part.
• Security: Decrypting with wrong password no longer overwrites the target file.
• Networking: On Windows 8 and 8.1, larger TCP receive buffer size is used by default. The default value caused low transfer speeds in many cases with FTP and SFTP.
• Networking: Added IsAuthenticated and IsConnected properties to NetworkSession (Ftp, Sftp, Scp, Imap, Smtp, Pop3, Ssh and SshSession objects).
• Networking: Added support for digest authentication to HTTP CONNECT proxies.
• Networking: Fixed ProxySocket.BeginSend and BeginReceived methods which used to fail in some scenarios.
• SSH: Added support for additional formats to SshPublicKey/SshPrivateKey object's SavePublicKey method and SshPublicKey constructor.
• SSH: Enhanced error checking to report a more meaningful error instead of "Invalid decoder state" in case of some connection failures.
• SSH: Enhanced GSSAPI/Kerberos support to be compatible with OpenSSH.
• SSH: Added Kerberos ticket delegation support.
• SSH: Added GSSAPI/Kerberos support to .NET CF version of SSH core.
• Cryptography: Changed Certificate.FindCertificates method not to include subordinate CAs in the search by default.
• Cryptography: Fixed CertificateStore.Exists on non-Windows platforms.
• Cryptography: Added workaround for opening certificate stores in .NET CF that don't exist yet.
• Cryptography: Added workaround for problem with DSA certificate in .PFX importing code on Windows Embedded Compact 2013.
• Cryptography: Added .NET CF support for Certificate.Associate(privateKey, permanentBind)
• Cryptography: Added Certificate.​GetAuthorityKeyIdentifier() method.
• Cryptography: Changed SignerInfo and SignerInfo objects to use NULL parameters for hash algorithms (in order to match RSACryptoServiceProvider behavior).
• Common: Added FileLogWriter.Path to replace FileLogWriter.Filename.
• Common: Added LocalItem.ComputeCrc32() method.
• Common: Signed and encrypted message parsing made more compatible with broken messages.

2013 R2 #

(build 4981 from 2013-08-20)

Terminal Emulation library supports both Telnet and SSH transport layers

Our two terminal emulation libraries Rebex Telnet and Rebex SSH Shell were merged into a single product called Rebex Terminal Emulation. The API has stayed the same. All users with active support contract were upgraded for free.

Detailed list of changes:

• Terminal: Fixed screen clearing with non-default background color.
• Terminal: Fixed a bug in TerminalFont.Dispose that used to dispose static brushes.
• Terminal: Added Shell.LastMatchedPrompt property.
• Networking: Added support for IPv6 hostnames with zone IDs.
• TLS/SSL: Added workaround for MS FTP's TLS 1.1 bug in close_notify handling.

2013 R1 #

(build 4959 from 2013-07-29)

Official support for Mono

All Rebex libraries now officially support Mono, an open source, cross-platform, implementation of C# and the CLR that is binary compatible with Microsoft .NET Framework. The same assemblies that work on Windows now work on Mono in Linux or Apple OS X as well.

Terminal emulation enhancements

TerminalControl got better Ctrl+key, Alt+key and Ctrl+Alt+key support. It now also works with both singlebyte and multibyte charsets (previously, the only supported multibyte charset was UTF-8). We increased the maximum history length and enhanced copy-to-clipboard code to omit end-of-line sequences in wrapped text.

Detailed list of changes:

• All: Added support for Mono.
• All: Fixed finalizers that used to call state-changed events in some cases.
• SFTP: GetItems now returns links instead of resolved items.
• SFTP: Sftp.Settings.RestoreDateTime now applies to PutFile and GetFile methods as well.
• SFTP: Fixed handling of broken links when deleting.
• SFTP: Added default error messages for SFTP v4 errors.
• SFTP: Added Sftp.​Settings.​TimeComparisonGranularity property.
• SFTP: Added Sftp.​Setting.​DisableFxpStatWorkaround property.
• SFTP: Fixed FingerprintCheck, BannerReceived and AuthenticateRequest events in Sftp and Scp.
• SFTP: Added Sftp.KeepAlive() method.
• SFTP: Sftp.GetConnectionState() method made more reliable.
• SFTP: When using TransferMethod.Move, only successfully transferred files are deleted.
• SFTP: Fixed SftpItem.Name to return "/" instead of "" for the root folder.
• SFTP: Fixed two event calls in file listing methods that did not use the proper synchronization context.
• SFTP: GetList and GetInfo return a path in the Path property.
• SFTP: Added support for restoring creation date/time on upload.
• SFTP: Enhanced multi-file operation logging.
• SFTP: Added FileSystemItemComparer to replace FtpItemComparer and SftpItemComparer.
• SFTP: Multi-file operations fixed to work properly with '.'-based FileSets.
• SFTP: Several options shared by Ftp and Sftp objects added to IFtpSettings.
• SFTP: Fixed Delete("dir/.") that used to delete "dir" as well.
• SSH Shell: Shell object returned by Ssh.StartShell is initialized with Ssh.Encoding property.
• SSH Shell: Added missing ProxySocketException handling to Ssh.Connect().
• Telnet: Added TelnetTerminalControl.​ConnectAsync().​
• Terminal: Custom-drawn underlines now used for small fonts.
• Terminal: Fixed behavior of the SelectGraphicRendition1 option.
• Terminal: Added support for wrapped text selection copying.
• Terminal: Added support for various Ctrl+key, Alt+key and Ctrl+Alt+key combinations.
• Terminal: Added FunctionKey.Enter.
• Terminal: Added TerminalControl.Scroll(int rows) method.
• Terminal: Better exception handling in TerminalControl.Send.
• Terminal: Added TerminalControl.BindAsync method and fixed argument check in TerminalControl.Bind method.
• Terminal: Enhanced argument checks in VirtualTerminal.Expect method.
• Terminal: Fixed TerminalControl.SetSelection method to ensure all selections are within the screen (and history) boundaries.
• Terminal: Fixed key handling for Portuguese keyboard (Brazil ABNT2).
• Terminal: TerminalControl.HistoryMaxLength increased to 99999.
• Terminal: Added support for all multibyte charsets.
• Terminal: Missing end-of-line sequence added to TerminalScreen.WriteLine(object) method.
• Terminal: Added TerminalScreen.MoveBufferArea() method.
• Terminal: Support for MikroTik added to Shell object.
• Terminal: Palette and color scheme changes clear brush cache.
• Security: Initial public release.
• Networking: Added support for HTTP CONNECT proxy communication logging.
• SSH: Dispose and Disconnect methods added to SshSession object and Close method deprecated.
• SSH: SshSession now throws exceptions with ConnectionClosed status on closed connections.
• SSH: Fixed SshException.Data["ProtocolCode"] and .Data["ProtocolMessage"] values.
• SSH: Added verbose logging of raw data during welcome message exchange.
• SSH: Fixed FingerprintCheck, BannerReceived and AuthenticateRequest events in Ssh.
• TLS/SSL: SslInsertEmptyFragments property added to SslSettings.
• TLS/SSL: Fixed null TlsParameters.Certificate handling in server-side TlsSocket.
• Cryptography: Added support for anyExtendedKeyUsage attribute (in X.509 certificates).
• Cryptography: Added DiffieHellmanCryptoServiceProvider class.
• Cryptography: Added PrivateKeyFormat.RawPkcs8 format for PrivateKeyInfo.Save and PrivateKeyInfo.Encode methods.
• Cryptography: RSAManaged.VerifyHash returns false on error.
• Cryptography: Fixed ArcTwoTransform to treat EffectiveKeySize of 0 as "current KeySize".
• Cryptography: HMAC fixed to use block length of 128 for algorithms with hashes larger than 256 bits.
• Cryptography: Fixed certificate verification to better handle server certificate with missing common name (used to throw NullReferenceException).
• Cryptography: Fixed handle leak in CertificateStore constructor.
• Common: Enhanced workaround for Stream.Seek on .NET CF.
• Common: FileLogWriter enhanced to log assembly version when opening log file.
• Common: Added missing PublicKeyInfo() constructor.
• Common: Added FileSet.​ContainingDirectoriesIncluded option.
• Common: Added workaround for instances of FileStream that return "[Unknown]" name.
• Common: EncodingTools support IBM437 charset on all platforms.
• Common: Added CertificateFindOptions.None.
• Common: Added FileSystemItemCollection.UsePath property.

2012 R3 #

(build 4700 from 2012-11-12)

Official support for Visual Studio 2012

All Rebex libraries now ship with full support for Microsoft Visual Studio 2012. Samples and tutorials were updated for a new project file format. Older Visual Studio and .NET Framework versions are still supported too.

Task-based asynchronous methods

The major change is the addition of new Task-based asynchronous methods to .NET 4.0/4.5 variant of our libraries. This brings our API up-to-date with the current trends and makes it possible to utilize the new await keyword available in .NET 4.5 and Visual Studio 2012. Finally, asynchronous programming became easy and seamless. Check out some of the updated samples to see this in action!

Events now using SynchronizationContext

Previously, events raised by asynchronous methods were running in a background thread, making them hard to use in GUI applications. Now, events are raised using the SynchronizationContext captured when the asynchronous method was started, which basically means the events will run on application's GUI thread, making it possible to update application's controls directly from the event code.

Detailed list of changes:

• All: Added .NET 4.x-style task-based asynchronous methods to objects previously using .NET 1.x-style Begin/End asynchronous pattern.
• All: Asynchronous method events are raised using the current synchronization context for the asynchronous operation.
• All: Added options to force the old-style event behavior (not using the current synchronization context).
• All: Added Rebex.Legacy namespace to .NET 4.x builds to allow compiling code that uses old-style asynchronous methods.
• All: Added official support for Visual Studio 2012.
• SFTP: Added Sftp.Settings.RestoreDateTime property to make it possible to restore source date/time on target.
• SFTP: Removed unused SftpBatchTransferOperation.​FileDataBlockProcessed value.
• SFTP: Changed Sftp.PutFile(..., string, long, long) behavior to truncate remote path when zero remote offset is specified (corresponds to Sftp.PutFile(..., string) behavior). Added Sftp.​Settings.​DisablePutFileZeroOffsetTruncate option to force old behavior.
• SFTP: Fixed ActionOnExistingFiles.​ResumeIfPossible behavior to skip existing files if already transferred.
• SFTP: Multi-file operation events always report absolute paths.
• SFTP: Enhanced source path checking in multi-file operations.
• SFTP: Fixed argument checks in GetStream/​GetUploadStream/​GetDownloadStream methods.
• SFTP: Added Rename value to ActionOnExistingFiles enum (used in Upload/Download methods).
• SFTP: Events Traversing, TransferProgressChanged, DeleteProgressChanged and ProblemDetected added into Sftp to make it possible to get notified about significant actions and to be able to react to a problem in multi-file operations.
• SCP: Added connected-check to Scp object methods.
• SCP: Changed default SCP upload packet size from 32KB to 8KB (the former size was too big for some servers).
• SCP: Added workaround for SCP in OpenSSH 4.x that doesn't accept quoted paths.
• Terminal: Added VT52 terminal emulation support.
• Terminal: Added LightBackColor value into BlinkingText enum.
• Terminal: Added support for 'CSI 1 m' sequence.
• Terminal: Fixed a bug that occasionally caused an exception to be thrown when scrolling using the scrollbar.
• Terminal: Fixed socket error handling in client-side keyboard and mouse methods.
• Terminal: Enhanced TerminalControl responsiveness under heavy load.
• Terminal: Compatibility enhancement for the Shell class in ShellMode.Prompt.
• Terminal: Added support for 'insertion replacement mode' ('CSI 4 h')
• Networking: NetworkSessionException is now the base class for all network protocol exceptions.
• Networking: Task-based asynchronous methods added to IFtp interface.
• Networking: Removed several Socket.Available calls, resulting in higher speed and Windows Azure compatibility.
• Networking: Events Traversing, TransferProgressChanged, DeleteProgressChanged and ProblemDetected added into IFtp to make it possible to get notified about significant actions and to be able to react to a problem in multi-file operations.
• SSH: Better error message for unsuccessful keyboard-interactive fallback workaround.
• SSH: Enhanced "Invalid decoder state" error reporting.
• SSH: Added support for diffie-hellman-group-exchange-sha256 key exchange algorithm.
• SSH: Added SshPublicKey class, SshSession.ServerKey property and FingerprintCheck.ServerKey property (to make it possible to determine server host key in addition to fingerprint).
• TLS/SSL: Fixed a bug in server-side TLS/SSL that caused it to fail when session resuming was enabled.
• TLS/SSL: Fixed TlsException serialization that failed for some errors.
• TLS/SSL: Fixed a bug that caused problems with TLS/SSL in FIPS-only mode.
• Cryptography: Fixed a bug in TransformFinalBlock method of Rebex.Security.Cryptography ciphers that caused interoperability issues with CryptoStream.
• Cryptography: Fixed PKCS#7 padding check in built-in ciphers.
• Cryptography: Added EncodingTools class that adds support for all the charsets needed on all platforms.
• Cryptography: Added auto-detection of a bug in unpatched .NET Framework 3.5's AesCryptoServiceProvider object.
• Cryptography: Implicit ObjectIdentifier(string) constructor added.
• Cryptography: Fixed CryptoHelper.CreateAlgorithm to return CSP version of SHA-2 hash algorithms when available.
• Cryptography: Fixed CertificateFinder property behavior to keep old certificates if no certificates are found by the new finder.
• Cryptography: Server certificate verification routine now allows certificates with '*.domain.net' names to be used for 'domain.net' in addition to '*.domain.net'.
• Cryptography: Fixed a bug in private key decryption routine which failed with keys encrypted with PKCS #12 key derivation algorithm.
• Common: Fixed P/Invokes in NTLM/Kerberos code.
• Common: AddRange method added to file item collections.
• Common: FIPS 140-2 compliant mode enhancements.
• Common: Fixed certificate validation issue on Windows XP and Windows Server 2003.
• Common: Added Certificate.Thumbprint property.
• Common: Fixed a bug in certificate chain building routine that caused it to ignore additional stores in some cases.

2012 R2 #

(build 4546 from 2012-06-11)

Client certificate authentication in SFTP & SSH

Although SFTP/SSH usually use password-based or public-key-based authentication, some servers support X.509 client certificate authentication as well. Unfortunately, not all servers support this, and those which do use a variety of different protocol extensions to achieve it. In this release, we have added client certificate authentication compatible with VanDyke VShell server. If it doesn't work with your server, please let us know.

Detailed list of changes:

• SFTP: Added support for POSIX rename ('posix-rename@openssh.com' extension).
• SFTP: Fixed a bug in Sftp.GetFiles which caused an ArgumentOutOfRangeException on some servers.
• SFTP: SftpItem uses UTC time for range checks (previously there were problems with times close to 1970-01-01).
• SFTP: Added Download/Upload(string, string) method overload.
• SFTP: Added Sftp.GetItems(string, ...) methods.
• SSH Shell: Shell.ReadAll() modified to make it possible to return the welcome message in SshShell.Prompt mode as well (just like in Rebex Telnet).
• Terminal: Better error recovery on invalid escape sequences.
• Terminal: SuppressAltAsMenuKey and SuppressShortcutKeys properties added to the TerminalControl to specify how to handle input keystrokes.
• Terminal: Added support for 'window title' and 'icon name' actions to ActionRequested events.
• Terminal: Better Alt-Gr key handling.
• Terminal: Added workaround for Clipboard errors.
• Terminal: Fixed TerminalControl.SetScreenSize method (did not work with AutoAdjustTerminalSize set to false).
• Networking: UseLargeBuffers option added into IFtpSettings.
• SSH: Added SshPrivateKey(AsymmetricAlgorithm) constructor that makes it possible to initialize it from RSACryptoServiceProvider/​DSACryptoServiceProvider (useful for SmartCard-based keys).
• SSH: Fixed wrong handling of large remote SSH channel window sizes (used by mod_sftp server).
• SSH: Client certificate authentication added (compatible with VanDyke VShell server).
• SSH: ZLIB support announced even when not preferred (without that, we were unable to connect to servers that refuse uncompressed sessions).
• SSH: Fixed a bug that causes a misleading error to be reported on immediately-closed connections.
• SSH: Added workaround for mod_sftp/0.9.7 which occasionally produces broken DSA signatures.
• TLS/SSL: Fixed a misleading error message which was reported when certificate revocation status could not be checked.
• TLS/SSL: When ProtocolVersion error occurs, data received prior to it is logged.
• SSH Shell: Ssh.AuthenticationRequest event added (supports advanced keyboard-interactive variants).
• SSH: Added support for hmac-sha1-96 and hmac-md5-96 MAC algorithms.
• Cryptography: Fixed local/UTC time comparison in Certificate.IsTimeValid.
• Cryptography: Added implicit conversion between Certificate object and X509Certificate/X509Certificate2 objects.
• Cryptography: Enhanced compatibility with Mono on non-Windows platforms - Certificate validation now works!
• Cryptography: Support for saving .PFX/.P12 files added to Certificate.Save method.
• Cryptography: Added new overloads of Certificate.Associate that make it possible to permanently bind the private key to the certificate.
• Cryptography: Added Certificate.FriendlyName property.
• Cryptography: Fixed Certificate.SignHash method which used to fail on .NET Framework 2.0 when an associated key was used for MD5SHA1 signature generation.
• Cryptography: Fixed MD5Managed.HashSize property which used to return 0.
• Cryptography: Certificate.HasPrivateKey code in .NET CF version changed to behave identically to .NET version.
• Common: Added FileSet.Flatten option (makes it possible to ignore source directory structure and copy all files into single target directory).
• Common: Enhanced error reporting of file-path-based methods.
• Common: Added LocalItem and LocalItemCollection classes (used by FileSet.GetLocalItems method).

2012 R1 #

(build 4444 from 2012-03-01)

Libraries DLLs have been renamed

We found out that the DLL naming scheme we decided to use back in 2003 was no longer sustainable and decided to change it. Instead of Rebex.Net.Ssh.dll, Rebex.Net.SecureSocket.dll, Rebex.Net.ProxySocket.dll and Rebex.Security.dll, we now have Rebex.Common.dll and Rebex.Networking.dll. Most of the other DLLs were renamed as well during the process (Rebex.Net.Ftp.dll became Rebex.Ftp.dll, for example). We are sorry for any inconvenience this may have caused, but an alternative solution - introduction of a new DLL for shared functionality - would not be hassle-free either. Fortunately, in order to upgrade to the new version, most customers will only need to remove references to the old DLLs and add references to the new ones because the API is still backward-compatible.

New multi-file methods in Rebex SFTP and FTP/SSL

FTP/SSL and SFTP got several new methods: Upload, Download, Delete and GetItems. The first two are replacements for PutFiles/GetFiles (and support move operation in addition to copy), Delete makes it possible to delete multiple files (or even a directory tree) at once and GetItems makes it possible to retrieve a list of files for the whole directory tree in one call.

Faster Blowfish and Twofish algorithms for Rebex SFTP and Rebex SSH Shell

Bruce Schneier's Blowfish and Twofish symmetric encryption algorithms are a popular choice for SSH communication encryption. Although we have been already supporting both for a few years, we developed a new managed implementation that is substantially faster than the old one.

Detailed list of changes:

• All: SecurityRuleSet.Level2 is used for .NET 4.0 binaries.
• All: Added a Stream.Flush() call after each Stream.Seek() or Stream.Position call in .NET Compact Framework (workaround for .NET CF FileStream bug).
• SFTP: Auto-resume capability added for PutFiles/GetFiles methods.
• SFTP: Added workarounds for another SFTP server where SSH_FXP_STAT and SSH_FXP_REALPATH commands (used by many Rebex SFTP methods) don't always work (for aliased directories, for example).
• SFTP: Added workaround for ChangeDirectory problems with WS_FTP server.
• SFTP: OpenSSH on a Unix-like OS is now detected properly.
• SFTP: Fixed a bug in PutFiles method that caused incorrect behavior when a root-based masked path was specified.
• SFTP: Changing Sftp's or Scp's LogWriter now changes the underlying SshSession's LogWriter as well.
• SFTP: Added SftpOptions.UseSmallPackets option that reportedly solves speed issues in some rare circumstances.
• SFTP: It's now possible to call Sftp.Login again if it fails.
• SFTP: Added TryPasswordFirst option to try "password" authentication first and "publickey" later (by default, the opposite order is used).
• SFTP: New values related to Upload, Download, Delete and GetItems methods added to SftpBatchTransferOperation enum.
• SFTP: String comparison methods use StringComparison.Ordinal.
• SFTP: New Download, Upload, Delete and GetItems methods added to Sftp object (along with associated enums and classes).
• SFTP: Added Sftp.Settings property that replaces and extends Sftp.Options.
• SFTP: Sftp object implements IFtp interface to make it easier to write code which works with both FTP and SFTP.
• SFTP: Multi-file operations optimized by omitting existence check of items found during the operation.
• SSH Shell: Changing Ssh's LogWriter now changes the underlying SshSession's LogWriter as well.
• Telnet: Setting Telnet.LogWriter applies to existing TelnetChannel instances as well.
• Telnet: Better error handling in TelnetTerminalControl.Connect method.
• Terminal: Added TerminalControl.​MouseSelectionCopiesToClipboard property.
• Terminal: Added TerminalControl.SelectionChanged event.
• Terminal: TerminalControl now works in Linux under Mono.
• Terminal: Added TerminalCell.Blink property.
• Terminal: Oversized scroll region escape sequences are now clipped instead of ignored.
• Terminal: Fixed processing of CSI escape sequences with Extended Leading Intermediate.
• Terminal: Added FunctionKeys.Escape and FunctionKeys.Backspace to simplify sending these keys using TerminalControl's or VirtualTerminal's SendToServer method.
• Terminal: Added Disconnected event to VirtualTerminal
• Terminal: ProcessingError event is correctly called when an error occurred while in automatic processing mode.
• Networking: Socket.NoDelay is used by default in non-CF version of Rebex libraries.
• SSH: Fixed error handling in SshSession.OpenTcpIpTunnel method that caused troubles when multiple channels were active at the same time.
• SSH: SshChannel no longer attempts to adjust window size after the channel has been closed.
• TLS/SSL: Fixed non-working TlsSocket.BeginSend and BeginReceive methods.
• Cryptography: Certificate.Save and Certificate.SavePrivateKey methods added, along with a corresponding variant of Certificate.LoadDerWithKey.
• Cryptography: PKCS #7 writer changed to use a more compatible variant of EncryptedContent in EncryptedContentInfo structure. This solves interoperability issues with Entrust CSP and signed messages.
• Cryptography: Added ObjectIdentifier.ToArray(bool useDer) method.
• Cryptography: CertificateChain.LoadP7b method added (used for loading .P7B certificate chains).
• SSH: Added SshParameters.​PreferredHostKeyAlgorithm property.
• SSH: Added SshChannel.PassEnvironmentVariable method.
• SSH: Fixed NullReferenceException during simultaneous channel close/read.
• SSH: Fixed a deadlock that may have occurred when using multiple SSH channels from multiple threads.
• SSH: Fixed a race condition that may have occurred when sending and reading from a single SSH channel at the same time.
• SSH: Removed SshParameters.Options property because it was ignored and only present by mistake.
• SSH: Added SshParameters.​SetEncryptionAlgorithms method to specify exact list and order of allowed SSH ciphers. Corresponding GetEncryptionAlgorithms method added as well.
• Cryptography: Faster Blowfish and Twofish algorithms.
• Cryptography: SubjectPublicKeyInfo.Load method now supports binary keys.
• Cryptography: Removed lots of CryptoApi dependencies from Certificate code.
• Cryptography: 4096-bit DSA keys (used by some SSH servers) are no longer rejected.
• Cryptography: Diffie-Hellman and DSA algorithms fall back to managed ModPow calculation on .NET CF with missing "Enhanced DSA and Diffie-Hellman" CSPs.
• Cryptography: Added Certificate.​Associate(PrivateKeyInfo) method.
• Cryptography: Certificates associated with a private key using Associate method now support MD5SHA1 hash algorithm and suitable for TLS/SSL client certificate authentication.
• Common: Fixed a bug in TraceLogWriter that caused an additional newline to be written at the end of each message.
• Common: Added FileSystemItem and FileSystemItemCollection classes.
• Common: Better readability in Verbose-level logs.
• Common: Thread ID added to all log messages.

1.0.4086.0 #

(build 4086 from 2011-03-09)

Detailed list of changes:

• Terminal: HistoryMaxLength property added to TerminalControl.
• Terminal: Added regular-expression-based VirtualTerminal.Expect method.
• Terminal: Prompt doesn't have to be set when a question prompt is specified in a ReadLine/ReadAll call.
• Terminal: Shell class in ShellMode.Prompt works with *BSD now.
• SSH: Added workaround for old SSH servers that miscalculate HMAC-SHA1 keys.
• SSH: Added SshParameters.AuthenticationMethods to make it possible to only enable desired authentication methods.
• SSH: SendEof method added to SshChannel to make it possible to achieve plink-like functionality.
• SSH: Fixed a bug in SSH channel window size adjustment code which could cause a timeout on servers which send oversized packets.
• SSH: Fixed a bug that prevented SSH key renegotiation requests from being processed, resulting in a timeout.
• SSH: Abort flag checking messages removed from Debug log.

1.0.4060.0 #

(build 4060 from 2011-02-11)

Detailed list of changes:

• SFTP: Bandwidth throttling support in Rebex SFTP through Sftp object's MaxUploadSpeed/MaxDownloadSpeed properties.
• SFTP: SetFileDateTime in SFTP v4 is now compatible with WS_FTP.
• SFTP: Sftp object's AbortTransfer method now properly cancels operations that are just about to start as well.
• SFTP: Added SftpItemComparer class to ease sorting of SftpItemCollection items.
• SFTP: Added workarounds to Sftp.GetStream method SFTP servers that don't support the Append mode.
• SFTP: BytesTotal and ProgressPercentage properties added to Sftp.TransferProgress event arguments.
• SFTP: Added workarounds for several SFTP servers where SSH_FXP_STAT and SSH_FXP_REALPATH commands (used by many Rebex SFTP methods) don't always work (for aliased directories, for example).
• SFTP: Sftp.PutFiles method (in ThrowExceptionOnLinks mode) correctly detects the links in Windows 7 which were not detected previously.
• SFTP: Added a workaround for SFTP server that sent duplicate filenames in their listings.
• SCP: GetFiles and PutFiles methods added to Scp object to make it possible to transfer multiple files or a whole directory tree in one call.
• Terminal: During Select Character Set control sequence, character set is immediately invoked into GL.
• Terminal: Added support for Pick terminals.
• Terminal: Added ActionRequested event to TerminalControl and VirtualTerminal objects to make it possible to handle action requests from the server.
• Terminal: CursorText and CursorMouse properties added to TerminalControl object.
• Terminal: Added terminal function keys support for HP-UX.
• Terminal: BlinkingText option added into TerminalOptions.
• Common: Added a new ILogWriter implementation that logs all messages to .NET's System.Diagnostics.Trace.
• Cryptography: Added a new overload of SshPrivateKey.Save to make it possible to save keys in SSLEay/OpenSSH format (in addition to PuTTY .ppk and PKCS #8 formats).
• Cryptography: Added CertificateChain.Save method to save the chain in .p7b format.
• Cryptography: Fixed a bug in DistinguishedName object that caused the elements of string representation of DNs to be reversed.
• Cryptography: Added CryptoHelper.ForceManagedAes flag as a workaround to .NET's leaking AesCryptoServiceProvider.
• SSH: AuthenticationRequest event added to make it possible to deal with all kinds of "keyboard-interactive" authentication prompts.
• SSH: Fixed a possible race condition that might have occurred when using the same SshSession instance from multiple threads.
• SSH: Enhanced automated "keyboard-interactive" authentication to support more variants of password prompt.
• SSH: Fixed a bug in ZLIB decompression routines.
• SSH: SshSession.Encoding property added.
• SSH: Added SshOptions.​WaitForServerWelcomeMessage option.
• SSH: Updated SFTP to detect, read and skip unexpected malformed packets which used to throw a "Message with invalid length xxx was received." exception when trying to login.

1.0.3854.0 #

(build 3854 from 2010-07-20)

Detailed list of changes:

• SFTP: Added Sftp.GetStream method that makes it possible to open a readable/writable/seekable stream of a remote file.
• SFTP: Sftp class inherits from NetworkSession base class that implements some common properties.
• SFTP: Added SftpOption.​UseReadWriteModeForDownloads.​
• SFTP: Added ProtocolVersion property to Sftp class.
• SFTP: SftpItemCollection.GetEnumerator is now an implementation of IEnumerable<SftpItem>.
• SFTP: Fixed a DateTime range check in SftpAttributes.Modified and .Created which was performed before the conversion to UTC.
• SFTP: Better error handling in GetFiles/PutFiles methods.
• SSH Shell: Ssh class inherits from NetworkSession base class that implements some common properties.
• Terminal: Added new SendToServer method overload to TerminalControl and VirtualTerminal that makes it possible to easily simulate function keys.
• Terminal: New BreakSequence option added to TerminalOptions.
• SSH: Added support for aes*-ctr and 3des-ctr ciphers.
• SSH: In FIPS-only mode, a CryptoAPI implementation of AES is used if available.
• SSH: SshSession class inherits from NetworkSession base class that implements some common properties.
• SSH: SshChannel.ExtendedDataReceived event added to make it possible to receive extended data.

1.0.3793.0 #

(build 3793 from 2010-05-20)

Detailed list of changes:

• All: Packages for .NET 4.0 and Visual Studio 2010 now available.
• SFTP: Fixed a bug that caused "/" local path argument of PutFiles/GetFiles methods to be treated as current directory.
• SFTP: Added Sftp.Bind and Scp.Bind method to make it possible to bind the SFTP or SCP object to existing SSH session.
• SFTP: A full local path is passed in SftpBatchTransferProgressEventArgs.
• SFTP: SftpTransferProgressEventArgs now contain RemotePath and LocalPath when available.
• SFTP: SftpBatchTransferException is now serializable.
• SFTP: Queued data packets are no longer written to the output stream after download operation has been aborted.
• SSH Shell: Added experimental support for CSH to Shell class.
• SSH Shell: Added Ssh.Bind method to make it possible to bind the Ssh object to an existing SSH session.
• Terminal: Fixed a bug that caused cursor to be redrawn incorrectly in some cases.
• SSH: Added a workaround for a server that announces support for "password" authentication but requires "keyboard-interactive" instead.
• SSH: Fixed a bug in ZLIB compression routines that caused compatibility problems with GlobalScape and BitVise servers when compression was enabled.
• SSH: Fixed a bug that caused SSH session to hang if a broken (incomplete) SSH packet arrived (rare).

1.0.3723.0 #

(build 3723 from 2010-03-11)

Detailed list of changes:

• SFTP: A more meaningful exception is thrown when a directory path is passed to Sftp.GetFile method instead of file path.
• SFTP: Added support for getting and setting file creating date (only works with servers that support SFTP v4).
• SFTP: Fixed SSH_FXP_READ packet logging code that caused some packets not to appear in the communication log.
• SFTP: Added a workaround for servers where SSH_FXP_STAT command doesn't work correctly on directories.
• SFTP: Fixed a bug in GetFile method that caused it to hang if length was specified.
• SFTP: Added SftpBatchTransferOptions.XCopy batch transfer mode. This is an alternative form of FtpBatchTransferOptions.Recursive that traverses all subdirectories but only transfers files that match the specified mask.
• SFTP: Fixed PutFiles method to accept all kinds of root paths (such as "c:", "c:/", or "c:\" - previously, only "c:\." worked).
• SFTP: SftpTransferProgressEventArgs.​BytesPerSecond property added that contains the estimated current speed.
• SFTP: HierarchyRetrieve events are no longer raised when only a single file is transferred.
• SFTP: Added experimental SftpOptions.UseLargeBuffers to use larger internal buffers (doesn't seem to make substantial difference on most systems).
• SFTP: Data-block-receiving routines optimized to write directly to the output stream without a round-trip through a temporary buffer.
• SFTP: Fixed a bug that made it impossible to call Sftp.GetFiles method on a root directory.
• SFTP: Sftp.TransferProgress event is called less often on high-speed connections now (several times per second is sufficient).
• SSH Shell: Added Terminal.GetSelectedText method to make it possible to retrieve the currently selected text.
• SSH Shell: Ssh.Login method now accepts empty usernames.
• SSH Shell: SshTerminalControl.LogWriter property added to make logging easier.
• Telnet: TelnetTerminalControl.LogWriter property added to make logging easier.
• Telnet: Fixed a bug that caused Telnet.SetSocketFactory method not to work.
• Terminal: Instances of Shell class returned from Ssh.StartShell i Prompt mode now refuse to work if the prompt was not set.
• Terminal: SshShell instances returned by Ssh.StartCommand no longer stop on prompt-like text when ReadAll is called.
• Terminal: Added TerminalPalette.Sco palette.
• Terminal: Changed TerminalControl.Save and VirtualTerminal.Save in ANSI mode to not write the final <CR><LF> sequence.
• Terminal: Fixed a bug in "CSI 0 J" escape sequence interpreter that caused the whole line to be cleared (instead of only a part of it).
• Terminal: TerminalOptions.PersistColorsOnSgr added to make it possible to specify whether "CSI 0 m" escape sequence (default rendition) whould reset colors as well.
• Terminal: TerminalScreen.GetRegion and TerminalScreen.GetRegionText methods added to make it easily possible to retrieve a part of the screen content.
• Terminal: Block selection mode added (accessible through TerminalControl.SelectionMode property or using the Ctrl key).
• Terminal: Added TerminalControl.MousePasteEnabled to make it possible to disable automated paste on right mouse button click.
• Terminal: Terminal emulator now supports CSI 10, CSI 11 and CSI 12 escape sequences.
• Terminal: Added SendToserver(byte[]) method to TerminalControl and VirtualTerminal classes.
• Terminal: Added experimental support for Wyse 60 terminals.
• Terminal: Fixed a bug that occasionally caused InvalidOperationException to be thrown on disconnected channels.
• Terminal: Added support for CFT and CBT escape sequences to terminal emulator.
• Terminal: New overload of TerminalScreen.Clear method added to make it possible to clear the history buffer as well.
• Terminal: Redefined background color in custom color scheme mode is now applied to all parts of the terminal screen.
• ProxySocket: The underscore character is now allowed in hostnames (this is non-standard, but used by Windows).
• ProxySocket: FileLogWriter is capable of logging into a single file from multiple applications now.
• ProxySocket: ProxySocket.Send behavior changed to always send all the data or fail.
• Cryptography: Added Certificate.LoadDerWithKey method to make it possible to easily load certificates with private keys in external file (Unix-style).
• Cryptography: Support for PKCS #7 EnvelopedData encrypted using RC2 with effective key length not equal to key data length.
• Cryptography: Fixed a bug in EnvelopedData class that cause a NullReferenceException to be raised when unsupported encryption algorithm is encoutered.
• Cryptography: Internal ModPow method optimized.
• Cryptography: Key generation support removed from RSAManaged a DSAManaged. No part of any of our libraries ever used it at it was prohibitively slow anyway.
• SSH: Added SshFingerprint.Compute and SshFingerprint.FromBase64String methods to make it possible to easily calculate a fingerprint of the supplied public key.
• SSH: ZLIB compression is now switched off by default (caused problems with some servers).
• SSH: Client KEX_INIT packet is sent without waiting for the server side one (this is the only proper behavior).
• SSH: Added SshSession.KeepAlive method to make it possible to periodically "ping" the SSH connection to keep it working and detect failures.
• TLS/SSL: TlsSocket.SessionID is deprecated because its global cache was unsuitable for most applications. TlsSocket.Session (and the associated TlsSession class) should be used instead.

1.0.3588.0 #

(build 3588 from 2009-10-27)

Detailed list of changes:

• SFTP: SFTP v4 support added.
• SFTP: Fixed a bug in CreateDirectory/ChangeDirectory workaround for CoreFTP.
• SFTP: Added workaround for ProFTPd's mod_sftpd SSH_FXP_REALPATH command that fails for newly created directories.
• SSH Shell: Added workaround for SSH packets 101 that some SSH servers were observed to use.
• Terminal: Fixed a bug that caused Disconnect event not to be raised when some types of connection failures occurred.
• Terminal: TerminalControl now correctly resizes itself when hosted in WPF.
• ProxySocket: Proxy object now has Encoding property that makes it possible to specify character set to be used for parsing server responses.
• ProxySocket: ProxySocketException.ErrorCode property now returns HTTP and Socket4/Socks5 error codes when available.
• ProxySocket: SspiAuthentication and GssApiProvider classes added that provide GSSAPI/SSPI functionality.
• Cryptography: Certificate's CRL distribution point list can be accessed using GetCrlDistributionPoints method.
• SSH: Fixed a bug in ArcFour cipher implementation that made it unusable.
• SSH: Fixed a bug that caused an SSH welcome message to be parsed incorrectly when split across multiple packets.
• SSH: Added support for ZLIB transfer compression.

1.0.3484.0 #

(build 3484 from 2009-07-15)

Detailed list of changes:

• SSH: Fixed a bug in GSSAPI authentication that caused it to work improperly in 32bit .NET Framework.

1.0.3479.0 #

(build 3479 from 2009-07-10)

Detailed list of changes:

• SFTP: IEnumerable<T> support added to collections for .NET Framework 2.0 and higher.
• SSH Shell: Added support for break request defined by RFC 4335.
• SSH Shell: Added Shell.GetExitCode method to make it possible to retrieve process exit code (if available).
• Terminal: Fixed bad exception message in TerminalControl.Bind method.
• Terminal: TerminalOptions serialization fixed to work correctly with serialized data from older releases.
• Terminal: Fixed a bug in the logging code for SshChannel.SetTerminalSize method.
• Cryptography: .PFX/P12 private key file loading support for Windows Mobile 5 and newer.
• Cryptography: Added support for signatures based on SHA-2 (SHA-256, SHA-384 and SHA-512).
• Cryptography: If .NET Framework 3.5 is available, a new and much faster AES implementation is used instead of RijndaelManaged.
• Cryptography: Behavior of certificate finders in CMS/PKCS #7 was enhanced - embedded certificates are always searched now.
• SSH: Support for GSSAPI authentication (gssapi-with-mic) added. Kerberos (not on .NET CF) and NTLM mechanisms are supported. MS SSPI is used as an underlying authentication provider.
• SSH: SshFingerprint class extended to support multiple hash algorithms.
• SSH: Added BannerReceived event that ca be used to receive banner messages sent by the server.
• SSH: Added FingerprintCheck event as an alternative way to check server fingerprint.
• SSH: Support for authentication using both username/password and public key at the same time made compatible with Maverick SSHD server.
• TLS/SSL: Enhanced logging of certificate-related actions during the TLS/SSL negotiation.

1.0.3428.0 #

(build 3428 from 2009-05-20)

Detailed list of changes:

• SFTP: Added support for transfer compression through a plugged-in library.
• SFTP: Upload and download speed enhanced a lot using the pipelining approach.
• SFTP: UTF-8 encoding is used by default for WS_FTP server.
• SFTP: Upload and download buffer size changed from 32K to 28K because the original size resulted in two packets being sent.
• SFTP: Fixed a misleading error message that occurs when both password and public key authentication is required by the server but the clients only supply one of the credentials.
• SFTP: Added several workarounds for CoreFTP server's SFTP implementation that suffers from numerous bugs such as missing file attributes or half-working SSH_FXP_REALPATH command.
• SFTP: Fixed a bug in GetFiles and PutFiles method that caused a wrong path to be used when a filename only was specified or when a root path was specified.
• SCP: Compatibility enhancements in Scp object's PutFile method.
• SCP: Added a workaround for Bitvise's SCP that closes the SCP channel too early.
• Terminal: Poll method added into IShellChannel.
• Terminal: Fixed a bug that caused the Enter key not to be echoed when local echo is on.
• SSH: Added FIPS 140-2 compliant mode that is automatically enabled on systems where only compliant algorithms are allowed.
• SSH: Added a new exception status - PasswordChangeRequired - that is used when a password change is required before authentication can be successfully completed.
• TLS/SSL: Exception thrown by the certificate verifier because of certificate hostname mismatch is more descriptive.
• TLS/SSL: Added a workaround for vsftpd that occasionally leaks unencrypted error messages while TLS/SSL is in use, which causes an error when the client tries to decode them as proper TLS/SSL messages.
• TLS/SSL: Fixed a bug that could cause a deadlock when closing a socket from one thread that is currently sending data using another thread.
• TLS/SSL: Fixed possible NullReferenceException in TlsSocket class.
• TLS/SSL: BeginSend and BeginReceive methods work again.

1.0.3333.0 #

(build 3333 from 2009-02-14)

Detailed list of changes:

• SFTP: Detection of GlobalScape server enhanced to properly detect more versions.
• SCP: Scp.Logger renamed to Scp.LogWriter to match the other objects including Sftp.
• SCP: Fixed improper handling of the first success response.
• SSH Shell: Shell.Close method added to make it possible to gracefully close an SSH shell session.
• Terminal: Added a variant of Shell.SendCommand method that makes it possible to send 'invisible' data such as passwords.
• Terminal: Prompt-matching in Shell class changed to make it possible to match beginning of a line.
• ProxySocket: Fixed a bug in Socks4/Socks5 proxy code that made it impossible to use FTP in active mode with these proxies.
• Cryptography: CertificateStore.FindCertificate overloads that accept DistinguishedName now search for certificates signed by intermediate CAs as well.
• Cryptography: Enhanced treatment of empty passwords in the PFX loader.
• Cryptography: Certificates with SubjectAlternativeName extension marked as critical are now treated as not having any e-mail address assigned to them if no e-mail address is found in the extension data.
• Cryptography: Fixed a bug in DiffeHellmanManaged.​ImportParameters method that made it impossible to import key with all parameters filled.
• SSH: Banner message is now logged when using the LogWriter functionality.
• SSH: Added workaround for badly-formed DSA signature produced by SSH Secure Shell 3.1.0 (and possibly other versions).
• SSH: Added a workaround to the Compact Framework version for VanDyke VShell server that sends primes that are one bit longer than expected.

1.0.3300.0 #

(build 3300 from 2009-01-12)

Detailed list of changes:

• SFTP: Added PutFiles and GetFiles method to make it possible to transfer multiple files easily by transferring a whole directory tree or use wildcards.
• SFTP: Setting ServerType property to Unix now causes '\' not to be treated as a directory separator for the remote server.
• SFTP: A better exception is now thrown by a method that has been terminated by calling Dispose from another thread.
• SFTP: Packages for .NET Compact Framework 3.5 added.
• SFTP: Asynchronous operations now use a thread pool.
• SFTP: Asynchronous method threads are now named.
• SCP: Added Scp class to make it possible to transfer files using the legacy SCP protocol.
• SSH Shell: Added scroll-back buffer support.
• SSH Shell: Asynchronous operations now use a thread pool.
• SSH Shell: Asynchronous method threads are now named.
• Terminal: Added Expect method to make scripting possible easily.
• Terminal: Added drawing routines for most box-drawing and block element characters that are either not present or improperly drawn in majority of fonts.
• Terminal: Added custom palette support.
• Terminal: Added support for custom color schemes to TerminalOptions class.
• Terminal: Fixed a bug that caused an extra column to appear in a newly-created terminal control.
• Terminal: Added support for 'ksh' shell.
• Terminal: Added support for setting the font using the Control's Font property (previously, TerminalFont had to be used).
• Terminal: Added the ability to scroll while selecting a long chunk of text.
• Terminal: Fixed a bug that caused the terminal control to resize several times when minimized and maximized again.
• Terminal: Added DataReceived event to TerminalControl and VirtualTerminal classes.
• Terminal: Added AutoAdjustTerminalFont, UserInputEnabled, ScrollBarEnabled and ScrollbackResetOnDisplayActivity properties to TerminalControl class.
• Cryptography: Added support for reading and setting private key comment.
• Cryptography: Added RootCertificate and LeafCertificate properties to CertificateChain class.
• Cryptography: Added GetCommonName method to DistinguishedName class.
• Cryptography: Added IEnumerator support to CertificateChain.
• Cryptography: Added Equals method to DistinguishedName class.
• Cryptography: Fixed a bug in OID decoding routine that cased it to occasionally hang on broken input data.
• Cryptography: Added new Certificate.LoadPfx to make it possible to load keys into machine store.
• Cryptography: Fixed a problem in Certificate.Decrypt method that made the decryption fail with some rare certificates.
• Cryptography: Added Certificate.Associate method to make it possible to associate a RSA/DSA crypto service provider with access to a private key with a certificate.
• SSH: Added support for saving PuTTY private keys.
• SSH: Added ChangePassword method to SshSession class to make it possible to change user password.
• SSH: Added support for servers that don't require a password.
• SSH: Fixed a bug in SshSession that caused problems when multiple channels through the same SSH session were used at the same time.
• TLS/SSL: Anonymous TLS/SSL ciphers are now supported (but disabled by default).
• TLS/SSL: Fixed an internal static method that was not thread safe.
• Common: Added enhanced logging capabilities (LogWriter).

1.0.3127.0 #

(build 3127 from 2008-07-23)

Detailed list of changes:

• SFTP: GetList, GetRawList and GetNameList enhanced to support wildcards. However, they are processed at the client side because SFTP can't do that at the protocol level.
• SSH: Fixed a problem in RSA private key reader that caused an error with some keys.
• SSH: Enhanced packet reader to support oversized SSH packets.
• SSH Shell: Initial public release.

1.0.3087.0 #

(build 3087 from 2008-06-14)

Detailed list of changes:

• TLS/SSL: Fixed a bug that caused data loss when a TLS/SSL connection was closed in a certain way.
• ProxySocket: New ISocket interface to make it possible to easily implement custom transport layers.
• ProxySocket: Fixed an unhandled exception that occurred during a failed connection to a proxy specified by an IP address.
• SFTP: Enhanced initial folder detection to be compatible with more servers.
• SFTP: Added detection for FTP and SSL servers that are often mistaken with SFTP to produce better exception messages.
• SFTP: Fixed incorrect ChangeDirectory method behavior with empty path argument.
• SFTP: Fixed a problem that caused SftpException.Status property to have a incorrect value in some cases.
• SFTP: Added hostname validity checking to Connect method.
• SFTP: Added experimental support for CR/CRLF conversion of text files.
• SSH: Fixed an internal static method that was not thread safe.
• SSH: PuTTY keys with no password are now supported as well (previously, only PuTTY keys with passwords worked).
• SSH: Added SSH tunneling capabilities.

1.0.2896.0 #

(build 2896 from 2007-12-06 )

Detailed list of changes:

• All: Packages for .NET Framework 3.5 and Visual Studio 2008 now available.

1.0.2871.0 #

(build 2871 from 2007-11-11)

Detailed list of changes:

• TLS/SSL: Added built-in PFX-based client certificate request handler.
• TLS/SSL: Fixed a bug in the negotiation part of the TlsSocket class that caused problems when handling large packets.
• SFTP: Fixed a bug in GetInfo and GetFileLength methods that caused an invalid length to be reported for files larger than 4GB.
• SSH: Changed the authentication routine to be compatible with servers that require a banner message to be sent to the client.
• SSH: Fixed a bug in block receiving code that occurred when a block of certain invalid length was received.
• SSH: Added support for loading PuTTY private keys.
• Cryptography: Added support for loading PuTTY private keys.

1.0.2800.0 #

(build 2800 from 2007-08-30)

Detailed list of changes:

• TLS/SSL: Fixed a bug in the server-side TLS/SSL code that caused a SSL2-style ClientHello message to be parsed incorrectly.
• SFTP: Default command and response encoding changed to Encoding.Default instead of standard UTF-8, because a survey of SFTP servers showed that none of them in fact uses UTF-8.
• SFTP: Added support for authentication using both username/password and public key at the same time.
• SSH: Added support for Blowfish and Twofish ciphers.
• SSH: Added support for authentication using both username/password and public key at the same time.
• Cryptography: Added support for Blowfish and Twofish ciphers.
• Cryptography: Added new CertificateIssuer class for certificate creation.
• Cryptography: Added new CertificateChain-based certificate finder.
• Cryptography: Certificate revocation list is now available in EnvelopedData and SignedData classes.
• Cryptography: When the CertificateFinder property is changed in EnvelopedData and SignedData Certificate, the new finder is now immediately used to find any missing certificates.
• Cryptography: Several serialization bugs in EnvelopedData and SignedData classes were fixed.
• Cryptography: Certificate class has a new Extensions property that makes the extension collection accessible.
• Cryptography: Various other changes that do not affect the FTP protocol.

1.0.2700.0 #

(build 2700 from 2007-05-24)

Detailed list of changes:

• SFTP: Added ListItemReceived event. This makes it possible to display the list items as they are received, to filter them or to abort the transfer based on previously received items.
• SFTP: Response receive buffer enlarged to support messages that are slightly over the maximum allowed length, and better error reporting for those that are too large.
• SFTP: Added another workaround for WeOnlyDo's wodFTPD (FreeFtpD) server that is unable to report the correct file datetime if the local and remote time zones are not the same.
• Cryptography: CertificateFinder can now be changed even after an EnvelopedData or SignedData has been loaded.

1.0.2666.0 #

(build 2666 from 2007-04-20)

Detailed list of changes:

• TLS/SSL: Speed drop caused by the data receiving loop introduced in the previous build was fixed.
• SFTP: Added SetFileDateTime method.
• SFTP: Added FileExists and DirectoryExists methods.
• SFTP: Added workaround to GetInfo method for WeOnlyDo SFTP server that reports missing files as access denied.
• SFTP: GetConnectionState no longer fails on disconnected objects.
• SFTP: Added GetUploadStream and GetDownloadStream methods for stream-based remote file access.
• SSH: Client no longer announces key exchange and encryption methods that are not supported on its current platform.
• SSH: Speed drop caused by ineffective data receiving loop was fixed.
• SSH: Fixed a bug that caused any extra key-exchange to fall.

1.0.2621.0 #

(build 2621 from 2007-03-06)

Detailed list of changes:

• TLS/SSL: New refactorred TLS/SSL core introduced.
• SFTP: IPv6 support with .NET Framework 1.1/2.0/3.0 and .NET Compact Framework 2.0.
• SSH: Fingerprint property added to SshPrivateKey class.

1.0.2567.0 #

(build 2567 from 2007-01-11)

Detailed list of changes:

• Cryptography: Added PrivateKeyInfo class and an ability to load and save private keys.
• Cryptography: Fixed a bug in DSAManaged class that made impossible to use keys of some sizes.
• Cryptography: Random big integer generator optimized.
• Cryptography: Several typos in documentation fixed.
• SFTP: Added support for RSA and DSA public key authentication.
• SFTP: Added workaround for ShellFTP server that has a bad habit of dropping SSH sessions after the SFTP session is closed.
• SSH: Added support for RSA and DSA public key authentication.
• SSH: Added support for Diffie-Hellman Group Exchange authentication (RFC 4419).
• SSH: Fixed a bug that caused Timeout value to be ignored when waiting for the server's initial message.
• SSH: SshFingerprint class made serializable.

1.0.2537.0 #

(build 2537 from 2006-12-12)

Detailed list of changes:

• SFTP: Initial public release.