Release notes for Rebex HTTPS for .NET

2019-05-17 Version 2019 R2
(build number 7077)

Support for Visual Studio 2019

All Rebex components are now fully supported in Microsoft Visual Studio 2019.

Support for .NET Framework 4.8

.NET Framework 4.8 is a fully supported platform.

Native elliptic curve cryptography on Linux with .NET Core 2.1/2.2

On Linux, binaries for .NET Standard 2.0 now utilize OpenSSL elliptic curve routines via .NET Core 2.1/2.2, making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need for external plugins.

Complete list of changes of version 2019 R2

  • All: Added support for .NET Framework 4.8 and Visual Studio 2019.
  • All: Removed leftover Trace.Write logging.
  • HTTP: Added support for legacy HTTP digest authentication.
  • HTTP: Added WebClient.Timeout property.
  • SSH: Added dummy support for SSH_MSG_EXT_INFO (RFC 8308).
  • Cryptography: Added CertificationRequest.Save method.
  • Cryptography: Added support for ECDSA and ECDH on .NET Core 2.1/2.2 on Linux (no need for external plugins).
  • Cryptography: Added workaround for broken export of RSA keys from the CNG providers on Windows 7.
  • Cryptography: Added workaround for CRLs with redundant trailing data to CertificateRevocationList.
  • Cryptography: Added workaround for legacy versions of Mono with lack of SHA-2 support.
  • Common: Asynchronous infrastructure improvements.

2019-03-28 Version 2019 R1
(build number 7027)

Improved platform support

This release adds three new sets of binaries targeting the following platforms:

  • .NET Core 2.0/2.1/2.2 (via .NET Standard 2.0)
  • .NET 4.6.x/4.7.x
  • .NET 3.5 SP1

For an overview of available binaries and supported platforms, check out the Rebex Support Lifecycle KB article.

Optimized AES/GCM performance

Improved performance of AES/GCM ciphers in TLS and SSH protocols on .NET Compact Framework and non-Windows platforms.

Improved compatibility with HttpWebRequest

HttpRequest now features PreAuthenticate and Expect properties that aim to be compatible with .NET's HttpWebRequest.

Complete list of changes of version 2019 R1

  • All: Added binaries targeting .NET Framework 3.5 SP1.
  • All: Added binaries targeting .NET Framework 4.6 and higher.
  • All: Added binaries targeting .NET Standard 2.x.
  • All: Removed long-deprecated API. Deprecated legacy API.
  • HTTP: Added support for WebRequest.PreAuthenticate.
  • HTTP: 'Host' HTTP header fixed to include port when required.
  • HTTP: Changed behavior of HTTP redirects to match system HttpWebRequest behavior (primarily changing HTTP method to GET).
  • HTTP: Implemented HttpRequest.Expect property and enabled by default.
  • ProxySocket: Fixed passing of state to the callback method in BeginConnect.
  • SSH: Changed behavior of SshFingerprint.ToString() and .ToArray() to use SHA-256.
  • SSH: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • SSH: RSA host keys are preferred to DSA host keys.
  • SSH: SHA-512 is only used during SSH client authentication when the RSA key length allows it.
  • SSH: SshParameters.MinimumRsaKeySize now applies to client RSA keys as well.
  • SSH: Using standard form of Diffie-Hellman group exchange with GlobalScape servers.
  • TLS/SSL: Fixed passing of state to the callback method in BeginConnect.
  • TLS/SSL: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.DeriveKeyMaterial method.
  • Cryptography: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
  • Cryptography: Fixed handling of shared secret padding in AsymmetricKeyAlgorithm.GetKeyMaterialDeriver.
  • Cryptography: Fixed possible NullReferenceException in CertificationRequest.GetAlternativeHostnames method.
  • Common: Fixed Certificate.Associate with permanent bind on .NET Compact Framework to ensure the key is not garbage-collected.
  • Common: LocalItem constructor no longer fails on items with invalid paths.

2018-12-21 Version 2018 R4
(build number 6930)

Maintenance release

This is a maintenance release with several enhancements.

Complete list of changes of version 2018 R4

  • HTTP: Added HttpSettings.HttpSessionCacheTimeout property.
  • HTTP: Added logging of HTTP 'Connection' header.
  • Networking: Fixed handling of Ssh.Encoding property.
  • Networking: Improved TLS logging.
  • Networking: ProxySocket and TlsSocket implement IDisposable now.
  • ProxySocket: Added workaround for ObjectDisposedException in Socket.ConnectAsync on .NET Core for macOS.
  • SSH: Enhanced legacy group exchange autodetection.
  • SSH: Fixed SshPublicKey(PublicKeyInfo) constructor that only accepted RSA or DSA keys.
  • SSH: Fixed Verbose logging of interactive authentication.
  • SSH: Changed SshParameters.MinimumRsaKeySize from 1024 to 1023 bits.
  • TLS/SSL: Improved server certificate usage check.
  • Cryptography: Added support for 'BEGIN RSA PUBLIC KEY' keys (PKCS #1 / RFC 3447) to PublicKeyInfo.
  • Cryptography: Added support for IP addresses in Subject Alternative Name certificate extension.
  • Common: Added support for new OpenSSH key format with AES-CTR encryption.
  • Common: Fixed possible certificate validation failures on some versions of Xamarin.Android.

2018-10-26 Version 2018 R3
(build number 6874)

Password-hiding in Verbose logging mode

Communication logs created with Verbose level no longer contain authentication credentials, which makes it more convenient and safer to share them with others.

Support for canceling HTTP requests

Implemented HttpRequest.Abort() method and added WebClient.Cancel() method to make it possible to cancel pending requests.

Auto-connect on .NET Compact Framework

Added auto-connect feature on .NET Compact Framework. Enabling HttpRequestCreator's or WebClient's Settings.AutoConnectToInternet property will make the component try to establish an Internet connection automatically.

Connection-establishing API for .NET CF

Added a very simple connection-establishing API for .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).

Complete list of changes of version 2018 R3

  • All: Added password-hiding in Verbose logging mode.
  • All: Added experimental support for Mono on Windows.
  • All: Fixed messages of some ObjectDisposedException objects.
  • HTTP: Added WebClient.Cancel() method.
  • HTTP: Added Content-Encoding logging in Debug log level.
  • HTTP: HttpRequestCreator.Settings.SslServerName is no longer ignored.
  • HTTP: HttpRequest.Abort() method is supported now.
  • HTTP: HttpRequest.Timeout applied to TLS negotiation as well.
  • HTTP: Added HttpRequestCreator.Settings.AutoConnectToInternet on .NET Compact Framework.
  • Networking: Added simple connection manager API on .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).
  • Networking: Added SshParameters.MaximumPacketSize property.
  • Networking: Report a meaningful error message when .NET Compact Framework's 'not a socket' issue is encountered.
  • Networking: Fixed Login not to block Dispose in Sftp, Scp and Ssh classes.
  • SSH: Using UTF-8 at SSH protocol level by default in Sftp, Scp and Ssh classes.
  • SSH: Added logging of SSH channel window size adjustments.
  • SSH: Fixed decompression in encrypt-then-mac (EtM) MAC mode.
  • TLS/SSL: TLS cipher suite being negotiated is logged as soon as possible.
  • Cryptography: CertificateStore implements IEnumerable<Certificate>.
  • Cryptography: Proper error is reported when trying to validate ECDSA certificates on Mono.
  • Common: Added optimized thread pool on .NET Compact Framework.

2018-09-03 Version 2018 R2.1
(build number 6821)

Enhancements and bugfixes

This is a maintenance release with several bugfixes and enhancements.

Complete list of changes of version 2018 R2.1

  • HTTP: Made it possible to set 'User-Agent' header using Headers collection.
  • Proxy: Added Proxy.HttpUserAgent property to make it possible to specify User-Agent for HTTP CONNECT proxies.
  • Proxy: ProxySocket methods now throw ObjectDisposedException when disposed.
  • SSH: Fixed data buffering when raising SshChannel.ExtendedDataReceived event.
  • Cryptography: Optimized certificate signature validation on .NET Compact Framework.

2018-06-29 Version 2018 R2
(build number 6755)

New fully supported platform: .NET Core on macOS

This release adds full support for .NET Core 2.x on macOS.

HttpWebRequest-like ClientCertificates collection

Added HttpRequest.ClientCertificates collection.

Enhancements and bugfixes

Enhancements and bugfixes in the shared functionality.

Complete list of changes of version 2018 R2

  • All: Added support for .NET Core on macOS.
  • HTTP: Added HttpRequest.ClientCertificates collection.
  • Proxy: Closed ProxySocket objects throw more meaningful exception.
  • SSH: Added support for additional formats to SshPublicKey.
  • SSH: Fixed possible bug in SshPublicKey loading.
  • SSH: Added SshPrivateKey.GetPrivateKeyInfo() method.
  • TLS/SSL: Added SslSettings.SslServerCertificateValidationOptions and SslCertificateValidationEventArgs.Options properties.
  • Cryptography: Added workaround for eToken CSP private key operations.
  • Cryptography: Fixed possible 'Unexpected key algorithm' error in AsymmetricKeyAlgorithm.
  • Cryptography: Fixed Certificate.GetSignatureHashAlgorithm() for RSASSA-PSS certificates.
  • Cryptography: RSACryptoServiceProvider usability detection made more compatible.
  • Cryptography: Fixed CertificateStore.Exists on .NET Core.
  • Cryptography: Fixed Certificate.HasPrivateKey for non-silent keys.
  • Cryptography: Fixed potential security vulnerability in RSAManaged class (proper padding check in signature verification).
  • Common: Fixed compatibility with AWS Lambda.

2018-04-25 Version 2018 R1.1
(build number 6690)

New fully supported platform: .NET Core on Linux

This release adds full support for .NET Core 2.x on Linux.

Complete list of changes of version 2018 R1.1

  • All: Added support for .NET Core on Linux.
  • HTTP: Added workaround for compressed response data not properly finished with a final block. Exception is still thrown if the decompressor was unable to flush all data to be processed.
  • HTTP: Enhanced response logging.
  • SSH: Fixed handling of invalid data packets claiming to contain more data than their payload length.
  • TLS/SSL: Fixed error raising in TlsSocket's EndSend/EndReceive methods.
  • Cryptography: Enhanced error message when trying to use signing-only RSA certificate for decryption.
  • Cryptography: Fixed private key exporting on .NET Core on Linux.
  • Cryptography: Fixed retrieval of certificate with bound keys from store on .NET Core on Linux.
  • Cryptography: Fixed possible NullReferenceException in built-in custom certificate validator on .NET Compact Framework. Could occur using CRL validation.
  • Cryptography: Fixed DSAManaged.ExportParameter method that failed to export parameters with missing Seed.
  • Cryptography: Added CertificateEngine.BuildChain(Certificate) method.
  • Cryptography: Current CertificateEngine's BuildChain method is now used in CMS (PKCS #7) SignedData and EnvelopedData.
  • Cryptography: Added Certificate.Tag property to make it possible to associate custom objects with a particular Certificate instance.
  • Cryptography: Enhanced logging in built-in custom certificate validator on .NET Compact Framework.

2018-04-01 Version 2018 R1
(build number 6666)

Enhancements and bugfixes

This is a maintenance release with bugfixes, workarounds and enhancements in several areas.

Complete list of changes of version 2018 R1

  • HTTP: Added HttpRequest constructor (an alternative to HttpRequestCreator.Create method).
  • HTTP: Fixed automatic redirection to resemble behavior of .NET's HttpWebRequest.
  • HTTP: Fixed potential bug while determining socket data availability.
  • HTTP: Added missing certificate algorithm check.
  • HTTP: Fixed handling of '100 Continue' responses.
  • HTTP: Fixed handling of abandoned sockets.
  • SSH: Added support for AES/GCM ciphers ('aes128-gcm@openssh.com' and 'aes256-gcm@openssh.com') to SSH client.
  • SSH: Added support for ETM MAC ciphers ('hmac-sha2-256-etm@openssh.com' and 'hmac-sha2-512-etm@openssh.com') to SSH client.
  • TLS/SSL: Log deprecation warning when using SSL 3.0, which is disabled by default and should no longer be used at all.
  • TLS/SSL: Added SslSettings.SslRenegotiationExtensionEnabled option.
  • TLS/SSL: Added SslSettings.SslServerNameIndicationEnabled option.
  • Cryptography: Added CryptographicCollection<T> as a base for cryptographic collection classes.
  • Cryptography: Fixed possible NullReferenceException in CertificateRevocationList.GetRevocationReason() method.
  • Cryptography: Fixed PFX saving on Mono.
  • Cryptography: Fixed "Unable to load DLL 'Bcrypt.dll'" error on Linux with .NET Core.
  • Cryptography: Added EnhancedCertificateEngine to .NET Compact Framework version to make it possible to supply custom root certification authorities.
  • Common: Enabled Certificate/CertificateChain.LoadPfx with AlwaysCng option on .NET Compact Framework 3.9.
  • Common: Fixed rare race condition possibly leading to NullReferenceException on .NET Core and UWP platforms.
  • Common: Fixed COMException in CertificateChain.BuildFrom method on experimental UWP platform.
  • Common: Built-in custom certificate validator on .NET CF no longer unnecessarily validates signature of root CA certificates that are trusted by the OS.

2018-01-11 Version 2017 R6.3
(build number 6586)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Complete list of changes of version 2017 R6.3

  • Cryptography: Added support for RSAES-OAEP with input parameter (label).
  • Cryptography: Added support for RSAES-OAEP with mismatched hash algorithms.
  • Cryptography: Fixed initialization of EncryptionAlgorithm property in MailMessage.Recipients collection items.
  • Cryptography: Added support for RSASSA-PSS with mismatched hash algorithms.
  • Cryptography: Fixed CNG private key conversion workaround.

2017-12-21 Version 2017 R6.2
(build number 6565)

Faster AES on Windows

Rebex components now use Windows CNG for AES symmetric encryption algorithm when available. CNG implementation of AES is faster and takes advantage of AES-NI instructions.

On-the-fly data uploads

Our HttpRequest object now supports AllowWriteStreamBuffering and SendChunked properties, making it possible to upload large amounts of data to the server.

Fixed leaking of HTTP sessions

Unfortunately, Rebex HTTPS 2016 R6 introduced a bug in the HTTP session cache that caused sessions to never be reused.

Complete list of changes of version 2017 R6.2

  • HTTP: Added AllowWriteStreamBuffering and SendChunked properties, making it possible to perform on-the-fly uploads.
  • HTTP: Added HttpRequest.ContentLength in .NET Standard/.NET Core and Universal Windows Platform (UAP) editions.
  • HTTP: Enhanced platform info logging.
  • HTTP: Fixed HTTP session cache that ceased to work in 2017 R6, causing a memory leak.
  • HTTP: Fixed a bug in parsing of missing Content-Encoding values.
  • Proxy: ProxySocket constructor requires a connected socket now.
  • SSH: Added SshParameters.UseLegacyGroupExchange option to make it possible to force using legacy or standard form of SSH Diffie-Hellman group exchange packet.
  • TLS/SSL: Fixed handling of duplicate suites in ClientHello packets.
  • Cryptography: Added CertificateChain.LoadDer method to load a chain of Base64-encoded certificates.
  • Cryptography: Fast CNG implementation of AES (which takes advantage of AES-NI instructions) is used when available.
  • Cryptography: Added workaround for broken X509Certificate.GetPublicKey() on Mono 5.4.
  • Cryptography: Added a workaround for GPG's gpgsm utility that required some SignedData fields to be DER-encoded.

2017-11-20 Version 2017 R6.1
(build number 6534)

Native elliptic curve cryptography on Windows Embedded Compact 2013

Rebex components now utilize MS CNG API on .NET Compact Framework 3.9 / Windows Embedded Compact 2013, making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Maintenance release

This is a maintenance release with improvements, bugfixes or workarounds.

Complete list of changes of version 2017 R6.1

  • HTTP: Added WebClient.Encoding property to specify charset for string-based methods.
  • HTTP: Added DownloadProgressChanged/UploadProgressChanged events to WebClient class.
  • HTTP: Added HttpRequest.AutomaticDecompression property.
  • HTTP: Fixed handling of multiple headers with same header name in .NET Standard edition.
  • HTTP: HttpResponse.ContentLength returns -1 to indicate 'value not specified'.
  • HTTP: Fixed a bug in handling HttpRequest.Headers that could cause headers to be duplicated in some scenarios.
  • HTTP: Added null value check to HttpRequest.Headers setter.
  • HTTP: HttpResponse.ContentLength property is now set to -1 (not specified) when receiving automatically decompressed content.
  • HTTP: HttpResponse.GetResponseStream() handles unsupported Content-Encoding values now.
  • SSH: Added SshPublicKey.LoadPublicKeys method that supports loading OpenSSH's 'authorized_keys' files.
  • Cryptography: Enhanced custom CRL downloader for .NET Compact Framework to handle all 3xx redirect codes.
  • Cryptography: Enhanced Certificate.LoadDer to handle files with multiple certificates (loads the first one).
  • Cryptography: Enabled usage of MS CNG API in .NET Compact Framework 3.9 edition on Windows Embedded Compact 2013 when appropriate.
  • Cryptography: Fixed detection of AES/GCM support.
  • Cryptography: Fixed detection of native Brainpool and secp256k1 support.
  • Cryptography: Added 'params' to CertificateInfo.SetExtendedUsage/SetAlternativeHostnames methods.
  • Cryptography: Fixed null handling in CertificateInfo.MailAddress.
  • Cryptography: Fixed empty block processing in AES/GCM.
  • Common: Added workaround for broken Encoding.ASCII encoder on legacy Mono platforms.
  • Common: Enhanced SSPI error reporting.
  • Common: Fixed platform info in logs on macOS.

2017-10-25 Version 2017 R6
(build number 6508)

AES/GCM support in TLS/SSL on all platforms

We added support for TLS ciphers based on AES/GCM (AES in Galois/Counter Mode) symmetric encryption algorithm:

  • ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • DHE_RSA_WITH_AES_128_GCM_SHA256
  • DHE_RSA_WITH_AES_256_GCM_SHA384
  • DHE_DSS_WITH_AES_128_GCM_SHA256
  • DHE_DSS_WITH_AES_256_GCM_SHA384
  • RSA_WITH_AES_128_GCM_SHA256
  • RSA_WITH_AES_256_GCM_SHA384

These ciphers are available on all supported platforms including .NET 2.0/3.5 and .NET Compact Framework.

Complete list of changes of version 2017 R6

  • All: Added support for DSA key generation on .NET Core on Windows.
  • HTTP: Changed default User-Agent header value to "Rebex HTTPS". When HttpRequest.UserAgent is set to null, the header is not sent.
  • HTTP: Multi-value headers are sent as single comma-separated header.
  • HTTP: Proxy communication is now logged (using HttpRequestCreator.LogWriter object).
  • HTTP: Redirected keep-alive requests reuse original request's session if possible.
  • Networking: Fixed PortRange binding (an issue introduced in previous release).
  • Networking: Fixed ReceiveBufferSize/SendBufferSize propagation (an issue introduced in previous release). This was observed to cause slowdown on Windows platform in some scenarios.
  • Proxy: Fixed handling of IP-based host names in proxy name resolving routine (an issue introduced in previous release).
  • TLS/SSL: Added support for AES/GCM to TLS.
  • TLS/SSL: Added TlsCipherSuite.Weak enum.
  • Cryptography: Added support for RSAES-OAEP encryption to EnvelopedData/RecipientInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for RSAES-OAEP encryption to Encrypt/Decrypt methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Added support for DSA key generation on .NET Core 1.1 on Windows.
  • Cryptography: Added support for RSASSA-PSS signatures to SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Enhanced environment info logging.
  • Cryptography: Fixed KeySize property of RSAManaged and DSAManaged to return the proper size for key sizes that are not evenly divisible by 8.
  • Cryptography: Added support for RSASSA-PSS signatures to SignedData/SignerInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for legacy MD4 algorithm.
  • Cryptography: Fixed saving of Brainpool keys (used wrong OID).
  • Cryptography: Fixed handling of ED25519 keys in PrivateKeyInfo.
  • Cryptography: Fixed CertificateStore private key saving on Mono.
  • Common: Environment info is now logged when creating an instance of FileLogWriter.

2017-09-08 Version 2017 R5
(build number 6461)

New fully supported platforms: .NET Core 1.1 and 2.0 on Windows

This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.

Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)

All Rebex components support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x or higher) is still experimental.

Complete list of changes of version 2017 R5

  • All: Added support for .NET Core 1.1 and 2.0 on Windows.
  • HTTP: Fixed handling of HTTP paths with double-slash ('//').
  • Proxy: Added support for "http://" URLs in Proxy.Host.
  • Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
  • Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
  • Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
  • Cryptography: Enhanced logging of some SSPI errors.
  • Cryptography: Added workaround for invalid or empty HTTP header names.
  • Common: Enabled SHA-2 support workaround for legacy RSA providers.
  • Common: Using custom IBM 437 encoding on .NET Compact Framework.

2017-08-04 Version 2017 R4.1
(build number 6426)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds.

Complete list of changes of version 2017 R4.1

  • HTTP: Enhanced exception messages for errors at TLS/SSL layer.
  • Cryptography: Enhanced RSAES-OAEP support.
  • Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
  • Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).

2017-06-30 Version 2017 R4
(build number 6391)

Support for CNG Key Storage Providers

Rebex Certificate class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage Providers.

Native support for Brainpool (P-256 R1, P-384 R1, P-512 R1) and secp256k1 elliptic curves on Windows 10

Windows 10 (and Windows Server 2016) added native support for additional Elliptic Curve DSA (ECDSA) / Elliptic Curve Diffie-Hellman (ECDH) curves including secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1, and Rebex classes can take advantage of them now (in addition to NIST P-256/P-384/P-521 curves).

Brainpool curves have already been supported by our TLS/SSL library and can be used with the following ciphers:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA

For earlier Windows and other operating systems, Brainpool curves are available through external plugins.

Complete list of changes of version 2017 R4

  • All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
  • All: Lots of improvements in experimental .NET Core / .NET Standard edition.
  • HTTP: Added HttpResponse.Cipher property to make it possible to determine information about the TLS cipher used by the underlying TLS/SSL session.
  • HTTP: Fixed broken WebClient.UploadString(...) method.
  • HTTP: Fixed handling of null in HttpRequestCreator.SetSocketFactory() method.
  • HTTP: Fixed handling of relative or broken redirect locations.
  • SSH: Added SshParameters.CompressionLevel option to make it possible to specify the desired compression level for SSH.
  • SSH: Deprecated SshPrivateKey.CreateSignature, VerifySignature and an old variant of the SshPrivateKey.Save method.
  • SSH: Added SshPublicKey.GetPublicKeyInfo() method.
  • SSH: Added SshException.GetServerInfo() method to make it possible to determine lists of ciphers supported by the server when SSH negotiation fails.
  • Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
  • Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
  • Cryptography: Added Certificate.GetPublicKeyInfo() method.
  • Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
  • Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
  • Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
  • Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.

2017-05-09 Version 2017 R3
(build number 6339)

NuGet packages

Rebex components just got official NuGet packages!

If you have an active subscription, you will get NuGet packages as part of Rebex components. These are supposed to be added to your private NuGet repository.

Rebex packages are available at NuGet.org as well.

Experimental support for .NET Standard 1.5 and .NET Core

This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex components.

In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex components can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.

Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.

Support for .NET Framework 4.7

.NET Framework 4.7 is a fully supported platform.

Complete list of changes of version 2017 R3

  • All: Added NuGet packages.
  • All: Added experimental support for .NET Core and .NET Standard 1.5.
  • All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
  • All: Added support for .NET Framework 4.7.
  • HTTP: Fixed redirection handling when the new location points to a different HTTPS server.
  • Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
  • Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
  • Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
  • Common: Fixed incorrect handling of CNG RSA keys.

2017-03-22 Version 2017 R2
(build number 6291)

ECDSA certificate support in TLS/SSL

All Rebex components utilizing our TLS/SSL library now support the following TLS ciphers based on Elliptic Curve DSA (ECDSA) algorithm:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

Supported curves:

  • NIST P-256
  • NIST P-384
  • NIST P-521

Please note that external plugins are needed for these algorithms and curves on some platforms.

Support for Visual Studio 2017

All Rebex components are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Experimental support for Universal Windows Platform

This release introduces experimental support for Universal Windows Platform (Windows 10, Windows 10 Mobile, Windows 10 IoT).

Minor ISocket API changes

Legacy parts of ISocket interface were moved into ISocketExt interface. If you implemented a custom transport layer using the ISocket API, make sure to implement ISocketExt instead when upgrading to this release.

Seldom-used static methods in CryptoHelper class were removed. If you need any of them, please let us know.

Complete list of changes of version 2017 R2

  • All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
  • HTTP: Fixed issues in HTTP client connection pool.
  • HTTP: Added HttpSessionCacheEnabled and SslSessionCacheEnabled options to HttpSettings.
  • HTTP: Added workaround for servers that use DEFLATE instead of Zlib.
  • Networking: Added logging of environment and platform information.
  • Networking: Enhanced target address logging when connecting.
  • Networking: HTTP core provides better inner exceptions on errors.
  • Networking: Legacy members of custom transport layer API moved from ISocket to ISocketExt.
  • Proxy: Fixed ProxySocket.Connect(...) on Mono 2.10.
  • SSH: Enhanced cipher mismatch error reporting during SSH negotiation to produce informative error messages.
  • SSH: Added GetSupportedMacAlgorithms/GetSupportedEncryptionAlgorithms/GetSupportedKeyExchangeAlgorithms static methods to SshParameters.
  • SSH: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and 'ssh-rsa-sha256@ssh.com' algorithms.
  • SSH: Added OpenSSH-style fingerprint support to SshFingerprint class.
  • TLS/SSL: Added support for Elliptic Curve DSA to TLS 1.2/1.1/1.0.
  • TLS/SSL: Fixed unexpected connection closure handling in TlsSocket.
  • TLS/SSL: Fixed handling of Timeout value in TlsSocket.Receive.
  • Cryptography: Added support for Elliptic Curve DSA to Certificate/CertificateChain/CertificateIssuer classes.
  • Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
  • Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
  • Cryptography: Removed seldom-used static methods from CryptoHelper.
  • Cryptography: CertificateIssuer class made available on .NET Compact Framework.
  • Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
  • Cryptography: Enhanced CertificateIssuer API.
  • Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
  • Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
  • Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.

2017-02-08 Version 2017 R1
(build number 6249)

New component: Rebex HTTPS

Rebex HTTPS is an HTTP/HTTPS client library that supports TLS 1.2/1.1/1.0, SHA-2, Server Name Indication (SNI), Renegotiation Indication Extension, Forward Secrecy, ZLIB. These features are available on all supported platforms: .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

The library is available as a standalone package or as a part of Rebex Total Pack.

Complete list of changes of version 2017 R1

  • HTTP: Initial release.