Rebex HTTPS
HTTP and HTTPS library for modern and legacy platforms
Download 30-day free trial Buy from $349More .NET libraries
-
Rebex Total Pack
All Rebex .NET libraries together
Release notes for Rebex HTTPS for .NET
- Released
- December182024
7.0.9119 #
(build 9119 from 2024-12-18)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
Detailed list of changes:
- SSH: Fixed reported error message when SSH channel is closed while a channel request is pending.
- TLS Core: Better exception handling when TLS 1.3 socket is disposed while negotation is in progress.
- Released
- November122024
7.0.9083 #
(build 9083 from 2024-11-12)
Support for .NET 9!
This release adds a new set of binaries targeting .NET 9. It supports all .NET 9 platforms:
- Windows (x64, x86, ARM64)
- Linux (x64, ARM32, ARM64)
- Android (x64, ARM32, ARM64)
- macOS (ARM64, x64)
- iOS/iPadOS/tvOS (ARM64)
R6.17 available as well
For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.17 update with important fixes and enhancements. Version R6.x will be supported until November 2025.
Detailed list of changes:
- All: Added binaries targeting .NET 9 on all supported platforms.
- Cryptography: Added workaround for EnvelopedData with unpadded RSA EncryptedKey.
- Cryptography: Added workaround for parsing CMS ASN.1 with redundant zeros at the end.
- Cryptography: Fixed common name validation logic in NativeCertificateEngine and EnhancedCertificateEngine when used stand-alone by custom code.
- Released
- October082024
7.0.9048 #
(build 9048 from 2024-10-08)
Maintenance release
This is a maintenance release with fixes and enhancements in the shared functionality.
Detailed list of changes:
- SSH: Fixed less common variants of multi-factor authentication.
- SSH: Fixed SshSession.Authenticate(userName, password, privateKey) method that crashed when privateKey was null (since version 7.0).
- Cryptography: Added ValidationOptions.​DisableCertificateDownloads option (only supported on .NET 5 and higher).
- Cryptography: Fixed detection of support for ECDH with brainpool curves on iOS.
- Cryptography: Fixed padding issues in AsymmetricKeyAlgorithm.​GetKeyMaterialDeriver (did not affect Rebex libraries).
- Cryptography: Fixed wrong RSA public key format when saving private keys in new OpenSSH format.
- Cryptography: Improved handling of wrong (negative) serial numbers in X.509 certificates.
- Released
- June252024
7.0.8943 #
(build 8943 from 2024-06-25)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
R6.16 available as well
For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.16 update with important fixes and enhancements. Version R6.x will be supported until November 2025.
Detailed list of changes:
- TLS Core: Fixed certificate selection and curve selection in TLS 1.3.
- TLS Core: Fixed wrong TlsException.Status for some exceptions representing server-side alerts.
- Cryptography: Added support for issuing certificates signed with Ed25519.
- Cryptography: Fixed calculation of subject key identifier in certificate issuer API.
- Cryptography: Fixed rare wrong final calculation of Poly1305 hash when temporary storage for remaining data is bigger than input block size.
- Cryptography: Using AES/GCM instead of AES/CBC for new OpenSSH key format encryption.
- Released
- April082024
7.0.8865 #
(build 8865 from 2024-04-08)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
Detailed list of changes:
- SSH: SshPublicKey.LoadPublicKeys reads comments and does not fail on empty files.
- TLS Core: Added option to disable ClientHello padding. Added option to enable legacy SCSV mode.
- TLS Core: Fixed potential repeated clean-up of TLS 1.3 extensions that might cause strange exceptions in the following TLS connection.
- Cryptography: Added support for loading private keys in new OpenSSH key format encrypted using AES/GCM or ChaCha20/Poly1305.
- Released
- February192024
7.0.8816 #
(build 8816 from 2024-02-19)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
R6.15 available as well
For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.15 update with important fixes and enhancements. Version R6.x will be supported until November 2025.
Detailed list of changes:
- SSH: Added SshCipher.StrictKeyExchange and SshServerInfo.​SupportsStrictKeyExchange properties.
- SSH: Added SshPrivateKey.​CreateFrom(PrivateKeyInfo) method.
- SSH: Added support for a combination of password and keyboard-interactive authentication.
- SSH: Improved SSH session and channel lifecycle logging.
- SSH: Using lower local SSH channel numbers for better log readability.
- TLS Core: Fixed invalid TLS 1.3 behavior for rare Poll/Receive call sequence on TlsSocket.
- TLS Core: Fixed possible deadlock in Receive or Poll methods when additional incomplete packet is received after close_notify in TLS 1.2 or earlier.
- Cryptography: Added low-level API for loading/saving PrivateKeyInfo with byte[] passwords.
- Cryptography: Added ObjectIdentifier.Encode method.
- Cryptography: Added support for loading PKCS #8 private keys with legacy RC4 algorithm.
- Cryptography: Added UseDer property to SignedData and EnvelopedData classes.
- Cryptography: PrivateKeyInfo.Save now uses SHA-2 instead of SHA-1 in PKCS #8 format with PBKDF2 derivation.
- Cryptography: Reduced memory footprint of CNG API interop layer.
- Released
- December202023
7.0.8755 #
(build 8755 from 2023-12-20)
Improved Native AOT compatibility
This update improves compatibility with .NET 8's Native AOT deployment model, which makes it possible to compile applications to native code ahead-of-time (AOT). Most common features should already work in Native AOT mode.
Detailed list of changes:
- All: Improved compatibility with Native AOT in .NET 8.
- HTTP: Fixed handling of unexpected response stream closure when keep-alive expected.
- SSH: Added support for PKCS #8 format to SshPublicKey constructor.
- SSH: Added support for strict key exchange extension (thwarts the so-called 'Terrapin attack').
- Common: Optimized memory usage of miscellaneous methods.
- Released
- November152023
7.0.8720 #
(build 8720 from 2023-11-15)
Support for .NET 8!
This release adds a new set of binaries targeting .NET 8. It supports all .NET 8 platforms:
- Windows (x64, x86, ARM64)
- Linux (x64, ARM32, ARM64)
- macOS (x64)
- Android
- iOS/tvOS
Detailed list of changes:
- All: Added a new set of binaries targeting .NET 8.0.
- HTTP: Added WebClient.QueryString property.
- SSH: Added SshParameters.ChannelCloseTimeout property.
- Cryptography: Fixed behavior of certificate issuer API when no CRLs have been specified.
- Released
- September132023
7.0.8657 #
(build 8657 from 2023-09-13)
Maintenance release
This is a maintenance release that fixes minor issues.
Detailed list of changes:
- Networking: Fixed handling of IPv6 addresses in square brackets.
- SSH: Fixed behavior of Certificate flag in SshParameters.HostKeyAlgorithms.
- Released
- June292023
7.0.8581 #
(build 8581 from 2023-06-29)
First 7.0.* release!
This is the first release of 7.0.* series. It no longer uses the 'Rx.y' naming scheme, which was somewhat confusing.
The R6.x series will be supported until November 2025 and will receive fixes and security updates.
AesGcm and ChaChaPoly1305 moved to Rebex.Security
AesGcm
and ChaChaPoly1305
classes were moved from Rebex.Common assembly to Rebex.Security.
If you are using these classes and don't have a Rebex Total Pack or Rebex Security license, please let us know.
Support for Ed25519 certificates in TLS 1.2
X.509 certificates based on Ed25519 asymmetric algorithm are now supported with TLS 1.2 as well. Previously, they were only supported with TLS 1.3.
Support for modular Diffie-Hellman (FFDHE) in TLS 1.3
Although TLS 1.3 is usually used with Elliptic Curve Diffie-Hellman, it supports classic Diffie-Hellman as well.
Lot of TLS improvements
This release brings lot of small improvements in TLS that aims to make our TLS library up-to-date and as compatible as possible. Check out the release notes below for details.
Detailed list of changes:
- HTTP: Added HttpSettings.UseLargeBuffers option.
- HTTP: Added protocol announcement via ALPN extension in TLS 1.2 or higher.
- HTTP: Improved reporting of unexpected errors from the TCP layer.
- Networking: Added SslSettings.SslRenegotiationMode option.
- Networking: No longer sending default domain in SSPI requests by defalt. Added SslSettings.UseDefaultDomain property.
- SSH: Added SshPublicKey.Parse method and a new overload for SshPublicKey.LoadPublicKeys.
- SSH: Added support for ECDH and ECDSA with secp256k1 curve ('ecdh-sha2-1.3.132.0.10' and 'ecdsa-sha2-1.3.132.0.10').
- SSH: Added support for SSH agents (OpenSSH agent and Pageant).
- SSH: Preferring ChaCha20/Poly1305 on platforms with HW intrinsics support.
- TLS Core: Added public API for TLS 1.3 and TLS 1.2 signature algorithms.
- TLS Core: Added public API for TLS 1.3 named groups and pre-shared key exchange modes configuration.
- TLS Core: Added support for Ed25519 in TLS 1.2 (already supported in TLS 1.3).
- TLS Core: Added support for modular Diffie-Hellman (FFDHE) in TLS 1.3.
- TLS Core: ClientHello is padded to 512 bytes to work around strange bugs in the erroneous TLS implementation on some servers.
- TLS Core: Disable client-initiated TLS renegotiation by default.
- TLS Core: Enabled ChaCha20/Poly1305 ciphers by default on .NET Core 3.1 / .NET 5 or higher.
- TLS Core: Changed the default order of cipher suites in ClientHello to more closely align with the best practices of the industry.
- TLS Core: In TLS 1.2, support for Renegotiation Indication Extension is annonced using renegotiation_info extension.
- TLS Core: The default selection of TLS 1.2 elliptic curves has been altered to more closely align with the best practices of the industry.
- TLS Core: TlsServerSocket now honors TlsOptions.DoNotCacheSessions flag when TLS 1.3 is negotiated.
- TLS Core: Updated default TLS 1.2 cipher preference order. Disabled 3DES by default. Added TlsCipherSuite.Common value.
- Cryptography: Added API for CRL distribution endpoints with multiple CRL entries.
- Cryptography: Added Certificate.Bind methods.
- Cryptography: Added CertificateStoreName.WebHosting enum value.
- Cryptography: Added CertificateStoreOpenFlags and corresponding CertificateStore constructors.
- Cryptography: AesGcm and ChaChaPoly1305 classes moved from Rebex.Common assembly to Rebex.Security.
- Cryptography: Certificate.Extensions collection is now read-only.
- Cryptography: Deprecated EncryptValue/DecryptValue methods in RSAManaged class.
- Cryptography: Fixed visibility of CertificateException legacy serialization constructor.
- Cryptography: Improved loading of Y-less legacy DSA keys in FIPS-only mode on .NET 6/7 in Windows.
- Common: Optimized internal Task.Run methods on old platforms.
- Common: Optimized internal WhenAll/WhenAny Task combinators on old platforms.
- Released
- June282023
R6.14 #
(version 6.0.8580 from 2023-06-28)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
What next for R6.x?
Version R6.x of Rebex libraries will be supported until November 2025 and will receive fixes and security updates. See R6.x release history for more information.
Detailed list of changes:
- All: Fixed problems in finalizer logic.
- SSH: Fixed missing end-of-lines in new OpenSSH key format.
- Cryptography: Fixed support for ECDSA private key formats with optional public key.
- Released
- June062023
R6.13 #
(version 6.0.8558 from 2023-06-06)
Maintenance release
This is a maintenance release that brings several enhancements and resolves some issues.
Detailed list of changes:
- HTTP: Using canonicalized form of IPv6 address in HTTP host header.
- Networking: Added support for IPv6 addresses to SOCKS5 proxy (client-side).
- Networking: Added workaround for systems where System.​Net.​Sockets.​Socket.​RemoteEndPoint does not work properly.
- Networking: Fixed formatting of IPv6 addresses for HTTP CONNECT proxies.
- Networking: Using 'Proxy-Connection' header instead of 'Connection' with HTTP CONNECT proxies.
- TLS Core: Disabled workaround for DHE padding bug in old versions of MS Schannel.
- TLS Core: Fixed server-side TLS curve selection on end-of-life platforms.
- Cryptography: Fixed lifecycle of AsymmetricKeyAlgorithm based on RSA CSP.
- Cryptography: Improved support for SignatureHashAlgorithm.MD5SHA1 in .NET 5 and higher in FIPS-only mode.
- Released
- April182023
R6.12 #
(version 6.0.8509 from 2023-04-18)
Maintenance release
This is a maintenance release that brings several enhancements and resolves some issues.
Detailed list of changes:
- HTTP: Fixed and improved parsing of multi-value HTTP headers.
- SSH: Added workaround for an issue in 'srt SSH Server' that makes it reject RSA/SHA-2 public key authentication attempts.
- SSH: Fixed handling of SSH2 PUBLIC KEY quotation marks in SshPublicKey.
- SSH: Fixed handling of user name when performing single sign-on in .NET Core and .NET 5/6/7.
- TLS Core: Fixed client-side TLS cipher suite check and server-side TLS cipher selection.
- TLS Core: Fixed checking of selected elliptic curves.
- TLS Core: Fixed memory leak in server-side TLS session cache.
- Common: Fixed rare race condition in scheduled action infrastructure.
- Released
- January312023
R6.11 #
(version 6.0.8432 from 2023-01-31)
Maintenance release
This is a maintenance release that brings several enhancements and resolves some issues.
Detailed list of changes:
- Networking: Comment is no longer ignored when loading SSH2 public key into SshPublicKey.
- SSH: Fixed occasional StackOverflowException in SSH tunnel code (thrown when a large batch of consecutive asynchronous IO operations completes synchronously).
- TLS Core: Fixed handling of missing close_notify message in TLS 1.2 or earlier.
- Cryptography: Fixed CRL retrieval for certificate with multiple CRL distribution endpoints.
- Common: Fixed potential premature release of an unmanaged buffer in SSPI interop code.
- Common: Improved compatibility with Windows 2000.
- Released
- December022022
R6.10 #
(version 6.0.8372 from 2022-12-02)
Maintenance release
This is a maintenance release that brings several enhancements and resolves some issues.
Detailed list of changes:
- SSH: Added workaround for an issue in Azure Blob Storage SFTP that makes it reject RSA/SHA-2 public key authentication attempts.
- TLS Core: Fixed TlsParameter.AcceptableAuthorities handling (can specify an empty list).
- Cryptography: Added workaround for broken X25519 implementation in early versions of Windows 10 (version 1507 and 1511).
- Common: Fixed Windows Extended Protection in 64-bit Windows applications.
- Released
- November082022
R6.9 #
(version 6.0.8348 from 2022-11-08)
Support for .NET 7!
This release adds a new set of binaries targeting .NET 7. It supports all .NET 7 platforms:
- Windows (x64, x86, ARM64)
- Linux (x64, ARM32, ARM64)
- macOS (x64)
- Android
- iOS/tvOS
Detailed list of changes:
- All: Added a new set of binaries targeting .NET 7.
- Cryptography: Fixed SHA-2 support on pre-SP3 versions of Windows XP.
- Released
- October252022
R6.8 #
(version 6.0.8334 from 2022-10-25)
Optimized CPU and memory usage in TLS 1.3
Rebex TLS 1.3 core has been further optimized on all supported platforms.
SSE2 implementation of ChaCha20
Last year, we introduced a very fast AVX2 implementation of ChaCha20 encryption cipher. However, some older or mobile CPUs lack AVX2 support, and this is where the new SSE2 implementation will become useful and improved performance of ChaCha20/Poly1305 in TLS and SSH. (Just like AVX2, the new SSE2 implementation is only available on .NET Core 3.1 and .NET 5/6.)
Detailed list of changes:
- Networking: Improved timeout handling during TCP connect.
- TLS Core: Fixed handling of incomplete TLS 1.3 records.
- TLS Core: Further optimized TLS 1.3 core.
- TLS Core: Improved handling of invalid TLS 1.3 session tickets (PSKs).
- TLS Core: Reduced memory footprint and CPU usage of TLS 1.3.
- Cryptography: Added SSE2 implementation of ChaCha20 for .NET 5.0 or higher.
- Released
- October052022
R6.7 #
(version 6.0.8314 from 2022-10-05)
Fixed code signing (broken by DigiCert)
From September 14th to September 22nd, 2022, DigiCert's timestamping authority mistakenly issued a TSA certificate with a validity period of only one year. Unfortunately, this mistake means that code-signed Rebex assemblies from R6.6 release will no longer pass validation after February 28th, 2024.
Therefore, Rebex customers should upgrade from R6.6 as soon as possible to take advantage of the new TSA certificate's full 11-year validity period.
Detailed list of changes:
- All: This release is properly code-signed again. TSA certificate validity was too short in R6.6 due to DigiCert's mistake.
- SSH: Added workaround for SSH servers that claim to prefer 'ssh-rsa' for client public key authentication.
- Cryptography: Added Rebex.Common.Validator assembly.
- Released
- September162022
R6.6 #
(version 6.0.8295 from 2022-09-16)
Support for 'Windows Extended Protection'
This release adds support for 'Extended Protection', which protects against HAFNIUM-style man-in-the-middle attacks on SSPI authentication ('Negotiate', 'NTLM' or 'Kerberos' authentication, also known as 'Integrated Windows authentication').
Customers using 'Integrated Windows authentication' should consider upgrading to this release and enabling 'Extended Protection' on their servers to protect against HAFNIUM-style attacks. Currently, this feature is only supported on Windows.
Detailed list of changes:
- SSH: Added new constructors to SshPrivateKey/SshPublicKey classes that accept AsymmetricKeyAlgorithm.
- SSH: Added support for ECDSA to SshPrivateKey(AsymmetricAlgorithm) constructor (on .NET Core 3.1 or higher).
- SSH: Fixed rare NullReferenceException when closing an SshSession.
- TLS Core: Added support for Windows Extended Protection (only available on Windows).
- Cryptography: Added GetPrivateKeyAlgorithm/​GetPublicKeyAlgorithm methods to Certificate class.
- Released
- July152022
R6.5 #
(version 6.0.8232 from 2022-07-15)
TLS 1.2 improvements
Added support for TLS extended master secret extension (RFC 7627) and fixed several issues.
Detailed list of changes:
- SSH: Added support for 'server-sig-algs' SSH extension (RFC 8332).
- SSH: Improved logging of 'partial success' authentication responses.
- TLS Core: Added support for TLS extended master secret extension (RFC 7627).
- TLS Core: Fixed handling of NoRenegotiation alert.
- TLS Core: Fixed rare race condition when closing TLS 1.2 socket.
- Common: Improved internal asynchronous infrastructure for old platforms.
- Released
- May252022
R6.4 #
(version 6.0.8181 from 2022-05-25)
Support for .NET 6.0 on Android and iOS
Support for mobile platforms in .NET 6.0 has finally arrived, slightly masquaraded as .NET MAUI. Rebex libraries now support these new platforms as well.
Optimized AEAD ciphers in TLS
ChaCha20/Poly1305 and AES/GCM ciphers have been slightly optimized on all platforms.
Optimized CPU usage in TLS 1.3
Rebex TLS 1.3 core has been further optimized for this release.
Detailed list of changes:
- All: Added support for .NET 6.0 on Android.
- All: Added support for .NET 6.0 on iOS.
- SSH: Fixed behavior of TryPasswordFirst option with servers that support 'publickey' and 'keyboard-interactive' but not 'password'.
- SSH: Optimized AEAD ciphers in SSH.
- TLS Core: Optimized AEAD ciphers in TLS.
- TLS Core: Optimized CPU usage in TLS 1.3 data flow.
- TLS Core: Optimized scenario when the remote party requires TLS 1.2 (or lower TLS version) and TLS 1.3 is enabled.
- TLS Core: Optimized TLS 1.3 key derivation functions.
- Cryptography: Added support for NTLM plugin for non-Windows platforms.
- Cryptography: Added workaround for buggy RSACryptoServiceProvider in .NET 6.0 on Android.
- Cryptography: Enhanced workarounds for slightly misbehaved certificate validator in .NET 6.0 on Android.
- Cryptography: Fixed compatibility with ECDiffieHellman on .NET 7 Preview.
- Cryptography: Fixed exporting of DSA keys on Windows XP SP3.
- Cryptography: Optimized ChaCha20Poly1305 internals.
- Cryptography: Optimized internal AEAD interfaces.
- Cryptography: Working around RSA private key access issue in .NET 6.0 on Android.
- Common: Improved inner exception rethrow logic on .NET Framework 3.5/4.0.
- Common: Optimized internal data buffer methods.
- Released
- March282022
R6.3 #
(version 6.0.8123 from 2022-03-28)
Disabled HTTPS->HTTP redirect downgrading by default
Redirect downgrading from secure HTTPS to unsecure HTTPS is now disabled by default
in WebClient
and HttpRequest
classes.
To enable it and restore the previous (unsecure) behavior, use AllowRedirectDowngrade
option.
Detailed list of changes:
- HTTP: Added Settings.AllowRedirectDowngrade option (disabled by default).
- Networking: Added ProxySocket.Bind(Socket) protected method to allow more customization.
- SSH: Improved workaround for very old versions of Bitvise server that don't properly handle SSH channel closing.
- TLS Core: Added TlsSocket.CloseAsync method (alias for DisposeAsync method).
- TLS Core: Fixed occasional (rare) premature termination of the TLS connection when a remote party does not support TLS 1.3.
- TLS Core: Improved protocol mismatch detection.
- TLS Core: Optimized asynchronous Send/Receive operation in TLS 1.3.
- Cryptography: Improved Poly1305 internals.
- Cryptography: Slightly optimized encrypt/decrypt operations in symmetric branch of the CNG/BCrypt interop layer.
- Cryptography: Small optimization in ARM (Advanced NEON SIMD) implementation of ChaCha20.
- Common: Fixed rare premature finalization of a buffer in SSPI interop that might lead to an AccessViolationException.
- Common: Improved internal asynchronous infrastructure.
- Released
- January242022
R6.2 #
(version 6.0.8060 from 2022-01-24)
Maintenance release
This is a maintenance release that brings several enhancements and resolves some issues.
Detailed list of changes:
- Networking: Fixed timeout handling during name resolution.
- TLS Core: Fixed handling of TLS 1.3 signature_algorithms_cert extension.
- TLS Core: Optimized temporary object usage in TLS 1.3 Send/Receive metods.
- Cryptography: Fixed releasing of CNG handles in AES/GCM interop (issue only present in R6.1 on Windows).
- Released
- January082022
R6.1 #
(version 6.0.8044 from 2022-01-08)
Maintenance release
This is a maintenance release that brings several enhancements and resolves some issues.
Detailed list of changes:
- All: Fixed compatibility of Rebex binaries for .NET Framework 4.0 with ASP.NET 4.5 or higher.
- HTTP: Fixed workaround for server-side bug (fixed handling of servers that send more data than they announced).
- TLS Core: Optimized receive operation in TLS 1.3.
- TLS Core: Slight optimizations in TLS 1.3 on modern platforms.
- Cryptography: Caching of CNG algorithm provider handles.
- Cryptography: Fixed Certificate.​GetSignatureHashAlgorithm() for certificates signed by Ed25519 authorities.
- Cryptography: Fixed unmanaged resource leak in CertificateStore.
- Cryptography: Optimized symmetric branch of Windows CNG (BCrypt) interop layer.
- Released
- November252021
R6.0 #
(version 6.0.8000 from 2021-11-25)
Support for .NET 6.0!
This release adds a new set of binaries targeting .NET 6.0. It supports all .NET 6.0 platforms:
- Windows (x64, x86, ARM64)
- Linux (x64, ARM32, ARM64)
- macOS (x64)
Please note that support for Android and iOS/tvOS in .NET 6.0 is still in preview mode. We will fully support these platforms as soon as the corresponding .NET 6.0 update is published.
Support for Visual Studio 2022
All Rebex libraries are now fully supported in Microsoft Visual Studio 2022.
Async methods in WebClient
We added *Async
variants of WebClient
methods. (Please note that these are still implemented synchronously internally.)
Detailed list of changes:
- All: Added a new set of binaries targeting .NET 6.0.
- All: Removed several obsolete and deprecated APIs.
- All: Removed support for legacy ISerializable interface from binaries for .NET Standard.
- HTTP: Added asynchronous method overloads to WebClient class.
- SSH: Added support for SSH key algorithms based on ECDSA X.509 certificates (RFC 6187).
- Released
- November242021
R5.7 #
(version 5.0.7999 from 2021-11-24)
Support for .NET 6.0 and Windows 11
Windows 11 is now a supported platform.
Rebex assemblies targeting .NET Standard 2.1 now support .NET 6.0.
Support for PuTTY PPK3 key format
SshPrivateKey
class, PrivateKeyInfo
class and Certificate.SavePrivateKey
method now support PuTTY's new
PPK version 3 private key format.
Improved TLS 1.3 performance
We made a number of optimizations in the TLS 1.3 core, which increased speed and decreased CPU usage.
Improved HTTP API
We added HttpRequest.AddRange
method, HttpResponse.LastModified
property,
and support for CredentialCache
.
Detailed list of changes:
- All: Added support for .NET 6.0 on Windows, Linux and macOS.
- All: Added support for Windows 11.
- HTTP: Added HttpRequest.AddRange() method.
- HTTP: Added HttpResponse.LastModified property.
- HTTP: Added support for CredentialCache to HttpRequest.
- HTTP: Fixed handling of "401" responses with "Connection: close" when "Expect: 100-continue" is enabled.
- HTTP: Fixed handling of multiple "100 Continue" responses.
- HTTP: Fixed HTTP session caching when the response stream has not been read until end-of-stream.
- HTTP: Improved handling of empty UserName in NetworkCredential for Basic and Digest authentication.
- SSH: Added support for PuTTY PPK3 format to SshPrivateKey.
- SSH: Added support for 'x509v3-rsa2048-sha256' SSH key algorithm (RSA X.509 certificates, RFC 6187).
- SSH: Added workaround for a server with broken SSH window size handling logic.
- SSH: Fixed handling of oversized data packets from servers with broken window size.
- TLS Core: Improved TLS 1.3 performance.
- Cryptography: Added more values to X.509 RevocationReason enum.
- Cryptography: Added support for private keys in PuTTY PPK3 format (uses Argon2 key derivation function).
- Cryptography: Added workaround for Google's CRLs with non-constructed explicit ASN.1 nodes.
- Released
- October262021
R5.6 #
(version 5.0.7970 from 2021-10-26)
Support for .NET 6.0 RC2
Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 6.0 RC2 and are suitable to be used in production on Microsoft's latest .NET platform ahead of the official release.
Maintenance release
This release brings several enhancements in HTTP and shared functionality.
Detailed list of changes:
- All: Added support for .NET 6.0 RC2.
- HTTP: Added support for PreAuthenticate with Digest authentication method.
- HTTP: Very small timeouts (<1000) in HttpRequest.Timeout are treated as 1000 (one second).
- TLS Core: Fixed possible NullReferenceException in TLS 1.2 socket after it has been closed.
- TLS Core: Improved handling of exceptions in TlsSocket.Send method.
- Cryptography: Fixed handling of RSAParameters without DP/DQ in AsymmetricKeyAlgorithm and PrivateKeyInfo.
- Cryptography: Fixed loading of encrypted keys with empty passwords in new OpenSSH format.
- Cryptography: Small optimization in AVX2 implementation of ChaCha20.
- Released
- August172021
R5.5 #
(version 5.0.7900 from 2021-08-17)
New binaries for .NET Core 3.1
We added a new set of binaries targeting .NET Core 3.1. We have already been supporting that platform since 2019 via .NET Standard 2.1. However, the new set of binaries utilizes .NET Core's hardware intrinsics API and features our fast ChaCha20/Poly1305 implementation that has been previously only available on .NET 5.0.
For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.
Detailed list of changes:
- All: Added 'netcoreapp3.1' binaries.
- All: Fixed compatibility with UWP and .NET Native compiler.
- HTTP: Enhanced error handling when more data than expected has been received.
- Released
- August052021
R5.4 #
(version 5.0.7888 from 2021-08-05)
Maintenance release
This release improves HTTP header ordering logic and resolves several issues in the shared functionality.
Detailed list of changes:
- HTTP: Order of HTTP request headers as specified by HttpRequest.Headers is used when constructing the HTTP request.
- Networking: Fixed casing in 'Basic' HTTP proxy authorization header.
- TLS Core: Fixed parsing of TLS 1.3 Certificate handshake message spanning multiple records.
- Cryptography: Fixed Certificate.FriendlyName setter in .NET 5.0 on non-Windows platforms.
- Released
- June182021
R5.3 #
(version 5.0.7840 from 2021-06-18)
Fixed FIPS-mode detection in .NET 4.8
This release fixes an issue in FIPS-mode detection routine that was not working properly in applications targeting .NET Framework 4.8 due to a change in the framework's behavior. This only affects applications targeting .NET Framework 4.8. Applications targeting earlier framework versions do not suffer from this issue even when running on .NET Framework 4.8.
If your application targets .NET Framework 4.8 and is supposed to honor system-wide FIPS mode settings, either upgrade to this release,
or set Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly
to System.Security.Cryptography.CryptoConfig.AllowOnlyFipsAlgorithms
in your application's startup code.
Detailed list of changes:
- SSH: Fixed race condition in OpenSSH-style compression startup code (occasionally caused connection failures during authentication with SSH compression was enabled).
- TLS Core: Added SslSettings.​SetPreferredSuites/​GetPreferredSuites methods to make it possible to specify client-side TLS cipher preference.
- TLS Core: Improved logging when remote party does not support TLS 1.3.
- TLS Core: Optimized TlsSocket.Negotiate method when TLS 1.3 is enabled but not supported by the remote side.
- TLS Core: Prevented 'unobserved' exceptions in task-based TLS 1.2 core.
- Cryptography: Added support for private keys using PBKDF2 with HMAC/SHA-2 (RFC 8018 / PKCS #5 v2.1).
- Cryptography: Fixed detection of FIPS-only systems on .NET Framework 4.8.
- Cryptography: Optimized creation of algorithm objects in CNG layer.
- Released
- May092021
R5.2 #
(version 5.0.7800 from 2021-05-09)
New ChaCha20Poly1305 class
This release features the new ChaCha20Poly1305
class that implements the 'combined mode' AEAD cipher
consisting of ChaCha20 stream cipher and Poly1305 authenticator,
as specified by RFC 7539.
Faster ChaCha20/Poly1305 on older platforms
We further improved performance of ChaCha20/Poly1305 in TLS and SSH on older platforms. It's not as fast as our .NET 5.0 implementation using AVX2 or Advanced NEON SIMD, but it's faster than ever before.
Detailed list of changes:
- HTTP: Enhanced error handling when connection is closed prematurely in chunked mode.
- Networking: Added support for SOCKS5 servers that respond with domain name.
- SSH: Optimized usage of ChaCha20/Poly1305 in SSH.
- Cryptography: Added ChaCha20Poly1305 class that implements ChaCha20/Poly1305 with an API that resembles .NET's AesGcm class.
- Cryptography: Added support for loading of ECDSA certificates from PFX/P12 files in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
- Cryptography: Added support for saving to PFX/P12 files for certificates with temporarily associated private keys in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
- Cryptography: AVX2 implementation of ChaCha20 releases old pre-generated keystream immediately after reinitialization.
- Cryptography: Clearing output data in AesGcm class when authentication tag is invalid.
- Cryptography: Fixed parsing of Cryptographic Message Syntax envelopes with unsupported OIDs.
- Cryptography: Improved ChaCha20/Poly1305 performance on .NET 3.5-4.6 and .NET Standard 2.x.
- Cryptography: Improved performance of AES/CTR ciphers (used in SSH).
- Common: Improved error handling when raising events via synchronization context.
- Released
- March032021
R5.1 #
(version 5.0.7733 from 2021-03-03)
Simplified release naming
We decided to drop the year from our release naming scheme. Instead of '2020 R5.1', this release is called just 'R5.1', and the forthcoming releases will use the same 'R5.x' naming scheme until the next major upgrade.
Faster ChaCha20/Poly1305 in .NET 5.0
By utilizing AVX2 (on Intel/AMD) or Advanced NEON SIMD (on ARM) via .NET's new hardware intrinsics API in .NET 5.0, we made our ChaCha20/Poly1305 implementation in SSH and TLS much faster. On ARM64, ChaCha20/Poly1305 is now even faster than Windows native AES/GCM.
This release improves ChaCha20/Poly1305 performance on older platforms as well, although not by such a big margin.
Detailed list of changes:
- All: Changed release naming scheme ('R5.1' instead of '2020 R5.1').
- HTTP: Fixed behavior of HttpSettings.SslSession (no longer ignored).
- Networking: Added workaround for rare WSAEWOULDBLOCK error on Mono in Socket.Connect.
- Networking: More meaningful exception is throw when attempting to use HTTP CONNECT proxy with NTLM authentication on platforms that don't support it.
- Networking: Optimized timeout infrastructure in ProxySocket.Connect.
- SSH: Added workaround for WingFTPServer server that uses 'ssh-rsa' with SHA-2 when client announces RSA/SHA-2 support.
- SSH: Fixed format of SshPublicKey.GetPublicKey() response for public keys initialized from PublicKeyInfo or AsymmetricAlgorithm.
- SSH: Fixed handling of unknown channel requests (not sending reply if not requested).
- TLS Core: Added VerifyMessage signature algorithm logging in TLS 1.3.
- TLS Core: Close/Dispose method called on TLS 1.3 socket ensures that all outstanding IO operations are canceled before the control is returned to the caller.
- TLS Core: Fixed possible rare NullReferenceException when closing TLS 1.3 session.
- TLS Core: Synchronous methods on TlsSocket wrap TaskCanceledException to TlsException.
- Cryptography: Added workaround to Certificate.LoadDer method to enable loading of certificates in PKCS #7 containers.
- Cryptography: Enhanced implicit operator for conversion of Certificate->X509Certificate2 to retain private keys on non-Windows platforms as well.
- Cryptography: Fixed Ed25519 PKCS #8 key structure (now compatible with OpenSSL).
- Cryptography: Optimized memory usage in symmetric encryption transformations based on Windows CNG API.
- Cryptography: Substantial speed-up of ChaCha20/Poly1305 (used in SSH and TLS). Utilizing AVX2 or Advanced NEON SIMD on .NET 5.0 (if available).
- Common: Accelerated common byte array operations in .NET 5.0 on devices with AVX2 support.
- Released
- November102020
2020 R5 #
(version 5.0.7620 from 2020-11-10)
Support for .NET 5.0!
This release adds a new set of binaries targeting .NET 5.0. It supports all .NET 5.0 platforms:
- Windows (x64, x86, ARM64)
- Linux (x64, ARM32, ARM64)
- macOS (x64)
Support for Ed25519 X.509 certificates in TLS 1.3
We added support for TLS 1.3 with X.509 certificates using Ed25519 algorithm (EdDSA on edwards25519 curve) to all Rebex libraries with TLS support.
However, due to limitations of .NET and all supported operating systems, a custom certificate validator is needed to validate Ed25519 certificates.
New AES/GCM API
Our new Rebex.Security.Cryptography.AesGcm
class resembles .NET 5.0's class of the same name,
but it's available on all supported platforms including .NET Framework 3.5/4.0 and Mono 5/6.
Detailed list of changes:
- All: Added support for .NET 5.0 on all platforms.
- HTTP: Enhanced authentication to only attempt to use NTLM, Kerberos or Negotiate if the OS is configured to supports them.
- HTTP: Fixed possible NullReferenceException in Cookie parser if the received cookie contains particular corrupted value.
- TLS Core: Added support for X.509 certificates with Ed25519 keys to TLS 1.3.
- TLS Core: Improved exception messages in TLS 1.3.
- Cryptography: Added built-in support for Ed25519 algorithm.
- Cryptography: Added Rebex.Security.Cryptography.AesGcm class (equivalent to .NET 5.0's AesGcm class, but available on all platforms including .NET Framework 3.5).
- Cryptography: Added SetOtherNames/GetOtherNames methods to CertificateInfo class ('Other Name' support in SANs).
- Cryptography: AsymmetricKeyAlgorithm.ImportKey method can initialize Ed25519 key from seed (in addition to private key).
- Cryptography: AsymmetricKeyAlgorithm.Register method made thread-safe.
- Cryptography: Deprecated CryptoHelper.ForceManagedAes property.
- Cryptography: Enhanced compatibility with unsupported legacy versions of CryptoAPI.
- Cryptography: Enhanced SignedData.Load(Stream) and EnvelopedData.Load(Stream) methods to support Base64-encoded format (PEM) as well.
- Cryptography: Enhanced workaround for RSA CSPs with lack of SHA-2 support.
- Common: Added SspiAuthentication.IsSupported method.
- Common: Enhanced EncodingTools helper class to always provide Encodings with implemented HeaderName, EncodingName and BodyName properties.
- Released
- September302020
2020 R4 #
(version 5.0.7579 from 2020-09-30)
Fully tested on .NET 5.0 RC1
Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 5.0 RC1 and are suitable to be used in production on Microsoft's latest .NET platform.
Enhanced HTTP cookie API
This release adds HttpRequest.CookieContainer
and HttpResponse.Cookies
properties,
making cookie manipulation easier.
Detailed list of changes:
- All: Fixed several minor compatibility issues on .NET 5.0 RC1.
- HTTP: Added HttpRequest.CookieContainer and HttpResponse.Cookies properties.
- HTTP: Improved TLS session cache behavior in scenarios with load balancing servers.
- Networking: Restored missing NetworkSession.InstanceId property.
- TLS Core: Fixed concurrent access in server-side TLS session cache.
- TLS Core: Fixed normalization of premaster secret in server-side ECDH calculations in TLS 1.2 and earlier.
- TLS Core: Updated TlsCipherSuite.Secure/Weak/Fast enum values. Updated TlsParameters.AllowedSuite default.
- Cryptography: Added Ed25519 support to Certificate class. (Not yet supported by the built-in certificate validator due to lack of support in Windows and .NET).
- Cryptography: Fixed handling of non-content data in Certificate(byte[]) constructor and CertificateChain.LoadP7b(Stream) / CertificateRevocationList.​Load(Stream) methods.
- Cryptography: Fixed parsing of constructed primitive ASN.1 types with more than two layers of nesting.
- Cryptography: Fixed version number in PKCS #10 CertificationRequest structure.
- Cryptography: Prohibited usage of Chacha20/Poly1305 in TLS 1.3 in FIPS-only mode. (Already prohibited in TLS 1.2 or earlier.)
- Cryptography: Updated RSAManaged constructor logic to make it suitable as a base for derived classes on .NET Framework in FIPS-compliant mode.
- Cryptography: Using Windows CNG API for Diffie-Hellman parameter generation on Windows 10 and Windows Server 2016/2019.
- Common: Optimized internal cancellation infrastructure on old platforms.
- Common: Removed usage of BinaryFormatter which has been found to be insecure.
- Common: Updated EncodingTools.GetEncoding method to prefer encodings provided by .NET.
- Released
- July142020
2020 R3 #
(version 5.0.7501 from 2020-07-14)
Binaries for .NET Standard 2.1
We added a new set of binaries targeting .NET Standard 2.1. They are suitable for .NET Core 3.1 and .NET 5.0 Preview 6, on Windows, Linux and macOS.
For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.
Improved TLS core
This release brings enhancements, optimizations and fixes in the TLS core.
Detailed list of changes:
- All: Added binaries targeting .NET Standard 2.1.
- HTTP: Fixed HTTP request retry behavior. Retry request is not initiated when failed request already started sending the request body.
- SSH: Enhanced legacy group exchange autodetection.
- TLS Core: Added TlsSocket.ApplicationProtocol property to make it possible to determine protocol negotiated using ALPN extension.
- TLS Core: Always preferring RSA/SHA-2 for client certificate authentication in TLS 1.2.
- TLS Core: Disabled ciphers based on AES/CBC and SHA-2 in legacy versions of TLS (they are only specified by TLS 1.2).
- TLS Core: Fixed availability of TLS 1.3 session tickets (client side).
- TLS Core: Fixed handling of multiple concurrent Receive or Send method calls in TLS 1.3.
- TLS Core: Fixed handling of TLS 1.3 KeyUpdate handshake message.
- TLS Core: Fixed server name handling for TlsSocket instances created from an already-connected Socket.
- TLS Core: Fixed TlsException.Status to return ConnectionClosed for connection-closed errors.
- TLS Core: Fixed TlsException.Status to return Timeout for timeout errors.
- TLS Core: Fixed TlsSocket.ClientCertificate that returned an empty chain instead of null in some scenarios.
- TLS Core: Improved error message when server certificate is rejected in TLS 1.3.
- TLS Core: Improved error messages in TLS 1.3.
- TLS Core: Logging improvements.
- TLS Core: No longer sending 'internal error' alert to remote end on timeout.
- TLS Core: Optimized TLS 1.3 internals.
- TLS Core: TLS 1.3 initiates key update properly (before the AEAD limits are reached).
- TLS Core: Unified behavior of the Receive and ReceiveAsync methods across TLS versions.
- Cryptography: Fixed encoding of ECDSA signatures in PKCS #7 CertificationRequest structure.
- Cryptography: Memory usage optimizations in CNG layer.
- Cryptography: On Windows 10 and Windows Server 2016 or higher, Windows CNG API is used for classic Diffie-Hellman calculations instead of legacy Windows CryptoAPI.
- Cryptography: Optimized disposing of temporary keys in Certificate class.
- Released
- May242020
2020 R2 #
(version 5.0.7450 from 2020-05-24)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
Detailed list of changes:
- SSH: Added new properties to SshCipher to make it possible to determine IDs of active ciphers.
- SSH: Added workaround for a weakness in legacy CBC ciphers.
- TLS Core: Enhanced TlsSocket.Timeout property to apply to subsequent Send, SendAsync, Receive and ReceiveAsync methods even when TLS is already active.
- TLS Core: Fixed availability of TLS 1.3 session ticket when the receive side of the connection has already been closed.
- TLS Core: Fixed behavior of server-side DoNotCacheSessions option (which previously led to connection failures).
- TLS Core: Fixed some cases of missing AggregateException unwrapping.
- TLS Core: Improved and unified behavior of TlsSocket Shutdown/ShutdownAsync methods when negotiation has not been started.
- TLS Core: Improved TLS exception reporting.
- TLS Core: Logging improvements.
- TLS Core: Optimizations in TLS 1.3 internals.
- TLS Core: Support for the TLS 1.3 record with empty application data payload and random padding.
- TLS Core: Unified TlsSocket.Cipher property behavior across TLS versions.
- Cryptography: Added ContentInfo.ToStream() method.
- Cryptography: Enhanced Certificate.LoadDerWithKey to support RSASSA-PSS and RSAES-OAEP for RSA keys.
- Cryptography: Fixed AsymmetricKeyAlgorithm.​GenerateDiffieHellmanParameters slowness (only affected the previous release).
- Cryptography: Improved AsymmetricKeyAlgorithm to support RSASSA-PSS and RSAES-OAEP with keys loaded via ImportKey method.
- Cryptography: Optimized Certificate and CertificateChain class to only consume native resources when needed.
- Cryptography: Optimized CNG handles cleanup.
- Released
- March252020
2020 R1.1 #
(version 5.0.7390 from 2020-03-25)
Reintroducing fast Diffie-Hellman on Xamarin.Android
Until 2019 R4.2, Rebex binaries for Xamarin.Android platforms used Android's cryptographic API for Diffie-Hellman calculations. However, this functionality is no longer available in current Rebex binaries targeting Xamarin.Android via .NET Standard 2.0. To make it possible to use the faster Diffie-Hellman implementation on Xamarin.Android again, we have added it to our native extensions library. Once enabled, it will make Diffie-Hellman key exchange in TLS as fast on Xamarin.Android as before.
Detailed list of changes:
- Networking: Fixed rare race condition in TLS and SSH internals.
- TLS Core: Fixed breaking changes in the behavior of seldom-used parts of TlsSocket API.
- TLS Core: Fixed handling of OperationCanceledException in TLS 1.3 core.
- TLS Core: Improved TLS logging.
- Common: Added DiffieHellmanNative class to Rebex.Common.Native assembly (speeds up Diffie-Hellman calculations on Xamarin.Android).
- Released
- February212020
2020 R1 #
(version 5.0.7357 from 2020-02-21)
.NET Standard 2.0 on Xamarin.Android and Xamarin.iOS
Rebex binaries targeting .NET Standard 2.0 are now supported on Xamarin.Android and Xamarin.iOS. Previously-available binaries targeting specific Xamarin platforms have been deprecated, and .NET Standard 2.0 binaries should be used instead.
Note: Applications that require certificate validation
also need to use the new Rebex.Common.Native.dll
assembly which provides
validation of X.509 certificates on Xamarin.Android and Xamarin.iOS.
ChaCha20-Poly1305 support in TLS 1.3 and 1.2
Our TLS 1.3/1.2 core now supports the following ChaCha20-Poly1305 cipher suites:
- TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3)
- TLS_​DHE_​RSA_​WITH_​CHACHA20_​POLY1305_​SHA256 (TLS 1.2)
- TLS_​ECDHE_​RSA_​WITH_​CHACHA20_​POLY1305_​SHA256 (TLS 1.2)
- TLS_​ECDHE_​ECDSA_​WITH_​CHACHA20_​POLY1305_​SHA256 (TLS 1.2)
To enable these ciphers, use Settings.SetSymmetricCipherSuites(...)
method for TLS 1.3
and Settings.SslAllowedSuites
property for TLS 1.2.
Native X25519 elliptic curve support on Windows 10
On Windows 10, Windows Server 2016 and Windows Server 2019, Rebex libraries using ECDH key exchange in TLS or SSH now support X25519 curve (also known as Curve25519) without any external plugins.
End of Standard Support for .NET Framework 2.0 and 3.0
2019 R4.2 was the last release to include support for .NET Framework 2.0 and 3.0 in the standard package. Customers using these platforms are advised to migrate to .NET Framework 3.5 SP1, which will enjoy mainstream support until 2023-10-10.
For customers who are unable to migrate, a Legacy Edition of Rebex libraries for .NET Framework 2.0/3.0 is available.
Deprecated .NET Core 1.0/1.1
.NET Core 1.1 and 1.0 became end-of-life platforms at 2019-06-27. In accordance with our framework support policy, they are no longer supported by Rebex libraries. Customers using these platforms are advised to migrate to .NET Core 2.1 or .NET Core 3.1.
Detailed list of changes:
- All: Binaries targeting .NET Standard 2.0 now support Xamarin.Android and Xamarin.iOS.
- All: Deprecated binaries targeting .NET Standard 1.5, Xamarin.Android and Xamarin.iOS.
- All: Fixed several occurences of culture-sensitive string formatting.
- All: Fixed several occurrences of wrong synchronization context.
- All: Mainstream edition no longer supports .NET Framework 2.0/3.0 and .NET Core 1.0/1.1.
- SSH: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
- SSH: Added support for 'curve25519-sha256' key exchange cipher (equivalent to already-supported 'curve25519-sha256@libssh.org').
- SSH: Enhanced performance of ChaCha20-Poly1305 cipher ('chacha20-poly1305@openssh.com') in SSH client.
- SSH: Fixed possible deadlock in SSH client when processing incoming EOF packet while waiting for remote receive buffer size to increase.
- TLS Core: Added asynchronous methods to TlsSocket base class.
- TLS Core: Added SetSymmetricCipherSuites/​GetSymmetricCipherSuites methods to configure enabled TLS 1.3 cipher suites.
- TLS Core: Added support for ChaCha20-Poly1305 cipher suites to TLS 1.3 and 1.2.
- TLS Core: Fixed behavior of TlsSocket methods after Dispose has been called.
- TLS Core: Fixed behavior of TlsSocket.Shutdown.
- TLS Core: Improved argument checks in TlsSocket base class.
- TLS Core: Improved multi-pass parsing of the TLS 1.3 records.
- TLS Core: Many optimizations in TLS 1.3 core.
- Cryptography: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
- Cryptography: Added native support for ECDH with X25519 curve on Windows 10, Windows Server 2016 and Windows Server 2019.
- Common: Internal optimizations.
- Released
- January152020
2019 R4.2 #
(version 5.0.7320 from 2020-01-15)
Maintenance release
This release improves certificate selection and solves several issues in the shared functionality.
Detailed list of changes:
- HTTP: Improved selection logic of client certificates in HttpRequest.ClientCertificates collection.
- SSH: Fixed possible deadlock during SSH renegotiation (client-side).
- TLS Core: Fixed renegotiation in TLS 1.2 (has been broken since 2019 R4).
- Cryptography: Added workaround for RSA signatures shorter than the key size (.NET Core on Linux is unable to handle them).
- Cryptography: Fixed AsymmetricKeyAlgorithm.​GetRawPublicKey() key format when RSA via MS CNG is in use.
- Cryptography: Only known external plugins are allowed for enhanced security.
- Cryptography: Saving public key as well when saving X25519 private keys.
- Released
- December162019
2019 R4.1 #
(version 5.0.7290 from 2019-12-16)
.NET Core 3.1 support
.NET Core 3.1 is now supported on the following platforms:
- Windows (x64, x86, ARM32)
- Windows 10 IoT (x64, x86, ARM32)
- Linux (x64, ARM32)
- macOS (x64)
TLS 1.3 improvements
This release fixes several issues in our new TLS 1.3 core. If you are already using TLS 1.3, upgrading to this release is recommended.
Please note that TLS 1.3 support is not enabled by default yet to prevent interoperability issues
with legacy third-party servers. To enable it, use SslAllowedVersions
setting, as described
in our TLS 1.3 support announcement.
Detailed list of changes:
- All: Added support for .NET Core 3.1.
- All: Added support for Mono 6.x.
- HTTP: Added GetHeaders methods representing HEAD request to WebClient class.
- HTTP: Added missing ResponseHeaders property to WebClient class.
- Networking: Added missing 'buffer' argument check to some Send/Receive methods in ProxySocket/TlsSocket.
- Networking: Fixed unhandled ObjectDisposedException or misleading SocketException when ProxySocket.Connect aborted due to timeout.
- SSH: Added a workaround for a bug introduced in OpenSSH 8.0 that rejects 'sender channel' numbers in the upper half of uint32 range.
- SSH: Added SshEncryptionMode.AEAD (to replace SshEncryptionMode.GCM).
- SSH: Added support for ChaCha20-Poly1305 AEAD cipher ('chacha20-poly1305@openssh.com') to SSH client.
- TLS Core: Added support for RSASSA-PSS signatures in TLS 1.2 when TLS 1.3 has been enabled.
- TLS Core: Avoid unwanted truncation of outgoing TLS 1.3 messages when TlsSocket is disposed.
- TLS Core: Enhanced error message when no suitable curve is available.
- TLS Core: Fixed compatibility issue with Xamarin's "Sdk Assemblies Only" option.
- TLS Core: Fixed exception type to TlsException for TLS 1.3 errors.
- TLS Core: Fixed handling of TLS 1.3 PSK-KE.
- TLS Core: Fixed check of signature algorithm in TLS 1.3 CertificateVerify.
- TLS Core: Fixed occasional failure when negotiating TLS 1.2 or lower when TLS 1.3 is allowed.
- TLS Core: Fixed order of supported signature schemes in TLS 1.3 ClientHello message.
- TLS Core: Fixed parsing of fragmented TLS 1.3 handshake messages.
- TLS Core: Fixed parsing of the TLS 1.3 KeyShare extension.
- TLS Core: Fixed potential NullReferenceException when TLS 1.3 negotiation has been interrupted unexpectedly.
- TLS Core: Fixed selection of signature algorithm used in CertificateVerify handshake messages.
- TLS Core: Not announcing support for X.509 certificates with Ed25519 or RSASSA-PSS public key OID (not supported yet).
- TLS Core: Optimizations in TLS 1.3 internals.
- Cryptography: Added workaround for bad RSA/PSS signature algorithm identifiers with missing parameters.
- Cryptography: Enabled workaround for private key loading from Mono key store in .NET Standard edition on Mono.
- Cryptography: Enhanced 'Invalid key format' error message when loading a private key.
- Cryptography: Fixed serial number handling in CertificateIssuer to conform to RFC 5280 constraints.
- Common: Binaries for .NET Standard 1.5 now use System.Collections.NonGeneric instead of custom implementations.
- Common: Enabled Xamarin.Android workarounds in .NET Standard 2.0 edition.
- Common: Improved ISafeSerializationData support detection.
- Released
- October312019
2019 R4 #
(version 5.0.7244 from 2019-10-31)
Support for TLS 1.3
HttpRequestCreator/HttpRequest
and WebClient
classes
feature support for HTTPS over TLS 1.3.
Detailed list of changes:
- HTTP: Added support for TLS 1.3.
- HTTP: Fixed port handling in HTTP session caching.
- HTTP: Fixed WebException.Status and Message for errors related to DNS resolving, proxies and TLS.
- TLS Core: Added support for ALPN TLS extension to TlsSocket.
- TLS Core: Added TlsBulkCipherMode.AEAD (to replace TlsBulkCipherMode.GCM).
- TLS Core: Removed support for two legacy unsecure anonymous ciphers (DH_anon_EXPORT_WITH_DES40_CBC_SHA and DH_anon_EXPORT_WITH_RC4_40_MD5).
- Cryptography: Added PkcsBase.LoadSignedOrEnvelopedData method (a replacement for deprecated PkcsBase.Load).
- Released
- September232019
2019 R3.2 #
(version 5.0.7206 from 2019-09-23)
.NET Core 3.0 support
This release introduces support for .NET Core 3.0 on the following platforms:
- Windows (x64, x86, ARM32)
- Windows 10 IoT (x64, x86, ARM32)
- Linux (x64, ARM32)
- macOS (x64)
Windows 10 IoT support
This release introduces support for .NET Core 3.0 on Windows 10 IoT on x64, x86 and ARM32 platforms.
Detailed list of changes:
- All: Added support for .NET Core 3.0.
- All: Added support for Windows 10 IoT (via .NET Core 3.0).
- HTTP: Fixed an issue in cachable HTTP session detection that prevented sessions from being cached in some scenarios.
- SSH: Added SshGssApiCredentials.AccountName property to make it possible to specify an account name to be passed to the SSH server.
- SSH: Added workaround for legacy WS_FTP 7.x servers that encode long SSH packets improperly.
- SSH: Fixed SshChannel.SendEof method not to send EOF when channel has already been closed.
- Common: Optimized internal Task infrastructure on old .NET platforms.
- Released
- August092019
2019 R3.1 #
(version 5.0.7161 from 2019-08-09)
Removed SSL 3.0 from TlsVersion.Any
TlsVersion.Any
is no longer used by any Rebex library, but it might be used in custom applications.
This could present a security issue because until now, TlsVersion.Any
still used to contain TlsVersion.SSL30
.
SSL 3.0, a predecessor to TLS 1.0 protocol, has been published in 1996. It is comprehensively broken
and should no longer be used. Application that still use it violate RFC 7568, which deprecated SSL 3.0 in 2015.
Detailed list of changes:
- All: Added support for serialization on Xamarin.Android and Xamarin.iOS platforms.
- TLS Core: Modified TlsVersion.Any to only include TLS 1.0, 1.1 and 1.2.
- Cryptography: Fixed handling of user-supplied RSACng in AsymmetricKeyAlgorithm and SshPrivateKey on modern platforms.
- Released
- June282019
2019 R3 #
(version 5.0.7119 from 2019-06-28)
Support for .NET Standard 2.0 on Mono 5.14 and higher
Binaries of Rebex libraries targeting .NET Standard 2.0 are now also supported on Mono 5.14 and higher.
End of Standard Support for .NET Compact Framework 3.5 and 3.9
2019 R3 is the last release that includes support for .NET Compact Framework 3.5 and 3.9 in the standard package. Starting with 2019 R4, .NET CF 3.5/3.9 will only be supported with Legacy Editions, which will be available as separate products. See their release history.
Detailed list of changes:
- All: Binaries targeting .NET Standard 2.0 are now supported on Mono 5.14 or higher.
- SSH: Added SshPrivateKey.Generate(...) methods on .NET Compact Framework.
- SSH: Added workaround for broken EtM ciphers in OpenSSH 6.6.
- SSH: Enhanced GlobalScape SSH server detection.
- SSH: Enlarged upper limit for non-standard DSA keys to 8192 bits on .NET Framework and .NET Core.
- SSH: Fixed reporting of SSH_MSG_USERAUTH_GSSAPI_ERROR and SSH_MSG_USERAUTH_GSSAPI_ERRTOK responses.
- TLS Core: Added TlsCipherSuite.Fast enum value.
- TLS Core: Fixed a bug in server-side mode of TlsSocket that caused client certificate authentication to fail.
- TLS Core: Internal changes in the TLS layer (in preparation for the upcoming TLS 1.3 support on mainstream platforms).
- Cryptography: Added Certificate.GetPrivateKeyInfo() method.
- Cryptography: Added CertificateEngine.LocalMachine engine and CertificateEngine.Bind method.
- Cryptography: Added support for SHA-224 hash algorithm.
- Cryptography: Added support for X25519 key format (RFC 8410).
- Cryptography: Always using AES by default to encrypt PKCS #8 private keys.
- Cryptography: Meaningful error message for the CNG AEAD auth tag mismatch.
- Common: Optimized asynchronous continuations on modern platforms.
- Common: Upgraded Task infrastructure in Xamarin.Android binaries.
- Released
- May172019
2019 R2 #
(version 5.0.7077 from 2019-05-17)
Support for Visual Studio 2019
All Rebex libraries are now fully supported in Microsoft Visual Studio 2019.
Support for .NET Framework 4.8
.NET Framework 4.8 is a fully supported platform.
Native elliptic curve cryptography on Linux with .NET Core 2.1 or higher
On Linux, binaries for .NET Standard 2.0 now utilize OpenSSL elliptic curve routines via .NET Core 2.1 (or higher), making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.
Detailed list of changes:
- All: Added support for .NET Framework 4.8 and Visual Studio 2019.
- All: Removed leftover Trace.Write logging.
- HTTP: Added support for legacy HTTP digest authentication.
- HTTP: Added WebClient.Timout property.
- SSH: Added dummy support for SSH_MSG_EXT_INFO (RFC 8308).
- Cryptography: Added CertificationRequest.Save method.
- Cryptography: Added support for ECDSA and ECDH on .NET Core 2.1/.2.2 on Linux (no need for external plugins).
- Cryptography: Added workaround for broken export of RSA keys from the CNG providers on Windows 7.
- Cryptography: Added workaround for CRLs with redundant trailing data to CertificateRevocationList.
- Cryptography: Added workaround for legacy versions of Mono with lack of SHA-2 support.
- Common: Asynchronous infrastructure improvements.
- Released
- March282019
2019 R1 #
(version 5.0.7027 from 2019-03-28)
Improved platform support
This release adds three new sets of binaries targeting the following platforms:
- .NET Core 2.0/2.1/2.2 (via .NET Standard 2.0)
- .NET Framework 4.6.x/4.7.x
- .NET Framework 3.5 SP1
For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.
Optimized AES/GCM performance
Improved performance of AES/GCM ciphers in TLS and SSH protocols on .NET Compact Framework and non-Windows platforms.
Improved compatibility with HttpWebRequest
HttpRequest
now features PreAuthenticate
and Expect
properties
that aim to be compatible with .NET's HttpWebRequest
.
Detailed list of changes:
- All: Added binaries targeting .NET Framework 3.5 SP1.
- All: Added binaries targeting .NET Framework 4.6 and higher.
- All: Added binaries targeting .NET Standard 2.0.
- All: Removed long-deprecated API. Deprecated legacy API.
- HTTP: Added support for WebRequest.PreAuthenticate.
- HTTP: 'Host' HTTP header fixed to include port when required.
- HTTP: Changed behavior of HTTP redirects to match system HttpWebRequest behavior (primarily changing HTTP method to GET).
- HTTP: Implemented HttpRequest.Expect property and enabled by default.
- Networking: Fixed passing of state to the callback method in ProxySocket.BeginConnect and TlsSocket.BeginConnect.
- SSH: Changed behavior of SshFingerprint.ToString() and .ToArray() to use SHA-256.
- SSH: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
- SSH: RSA host keys are preferred to DSA host keys.
- SSH: SHA-512 is only used during SSH client authentication when the RSA key length allows it.
- SSH: SshParameters.MinimumRsaKeySize now applies to client RSA keys as well.
- SSH: Using standard form of Diffie-Hellman group exchange with GlobalScape servers.
- TLS Core: Fixed passing of state to the callback method in ProxySocket.BeginConnect and TlsSocket.BeginConnect.
- TLS Core: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
- Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.​DeriveKeyMaterial method.
- Cryptography: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
- Cryptography: Fixed handling of shared secred padding in AsymmetricKeyAlgorithm.​GetKeyMaterialDeriver.​
- Cryptography: Fixed possible NullReferenceException in CertificationRequest.​GetAlternativeHostnames method.
- Common: Fixed Certificate.Associate with permanent bind on .NET Compact Framework to ensure the key is not garbage-collected.
- Common: LocalItem constructor no longer fails on items with invalid paths.
- Released
- December212018
2018 R4 #
(build 6930 from 2018-12-21)
Maintenance release
This is a maintenance release with several enhancements.
Detailed list of changes:
- HTTP: Added HttpSettings.​HttpSessionCacheTimeout property.
- HTTP: Added logging of HTTP 'Connection' header.
- Networking: ProxySocket and TlsSocket implement IDisposable now.
- Networking: Added workaround to ProxySocket for ObjectDisposedException in Socket.ConnectAsync on .NET Core for macOS.
- SSH: Enhanced legacy group exchange autodetection.
- SSH: Fixed handling of Ssh.Encoding property.
- SSH: Fixed SshPublicKey(PublicKeyInfo) constructor that only accepted RSA or DSA keys.
- SSH: Fixed Verbose logging of interactive authentication.
- SSH: Changed SshParameters.MinimumRsaKeySize from 1024 to 1023 bits.
- TLS Core: Improved server certificate usage check.
- TLS Core: Improved TLS logging.
- Cryptography: Added support for 'BEGIN RSA PUBLIC KEY' keys (PKCS #1 / RFC 3447) to PublicKeyInfo.
- Cryptography: Added support for IP addresses in Subject Alternative Name certificate extension.
- Common: Added support for new OpenSSH key format with AES-CTR encryption.
- Common: Fixed possible certificate validation failures on some versions of Xamarin.Android.
- Released
- October262018
2018 R3 #
(build 6874 from 2018-10-26)
Password-hiding in Verbose logging mode
Communication logs created with Verbose
level no longer contain authentication credentials,
which makes it more convenient and safer to share them with others.
Support for canceling HTTP requests
Implemented HttpRequest.Abort()
method and added WebClient.Cancel()
method to make it possible to cancel
pending requests.
Auto-connect on .NET Compact Framework
Added auto-connect feature on .NET Compact Framework.
Enabling HttpRequestCreator
's or WebClient
's Settings.AutoConnectToInternet
property
will make the library to try to establish an Internet connection automatically.
Connection-establishing API for .NET CF
Added very simple connection-establishing API for .NET Compact Framework (Rebex.Net.ConnectionManagement
namespace).
Detailed list of changes:
- All: Added password-hiding in Verbose logging mode.
- All: Added experimental support for Mono on Windows.
- All: Fixed messages of some ObjectDisposedException objects.
- HTTP: Added WebClient.Cancel() method.
- HTTP: Added Content-Encoding logging in Debug log level.
- HTTP: HttpRequestCreator.​Settings.​SslServerName is no longer ignored.
- HTTP: HttpRequest.Abort() method is supported now.
- HTTP: HttpRequest.Timeout applied to TLS negotiation as well.
- HTTP: Added HttpRequestCreator.​Settings.​AutoConnectToInternet on .NET Compact Framework.
- Networking: Added simple connection manager API on .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).
- Networking: Report a meaningful error message when .NET Compact Framework's 'not a socket' issue is encountered.
- SSH: Added SshParameters.MaximumPacketSize property.
- SSH: Fixed Login not to block Dispose in Sftp, Scp and Ssh classes.
- SSH: Using UTF-8 at SSH protocol level by default in Sftp, Scp and Ssh classes.
- SSH: Added logging of SSH channel window size adjustments.
- SSH: Fixed decompression in encrypt-then-mac (EtM) MAC mode.
- TLS/SSL: TLS cipher suite being negotiated is logged as soon as possible.
- Cryptography: CertificateStore implements IEnumerable<Certificate>.
- Cryptography: Proper error is reported when trying to validate ECDSA certificates on Mono.
- Common: Added optimized thread pool on .NET Compact Framework.
- Released
- September032018
2018 R2.1 #
(build 6821 from 2018-09-03)
Enhancements and bugfixes
This is a maintenance release with several bugfixes and enhancements.
Detailed list of changes:
- HTTP: Made it possible to set 'User-Agent' header using Headers collection.
- Networking: Added Proxy.HttpUserAgent property to make it possible to specify User-Agent for HTTP CONNECT proxies.
- Networking: ProxySocket methods now throw ObjectDisposedException when disposed.
- SSH: Fixed data buffering when raising SshChannel.ExtendedDataReceived event.
- Cryptography: Optimized certificate signature validation on .NET Compact Framework.
- Released
- June292018
2018 R2 #
(build 6755 from 2018-06-29)
New fully supported platform: .NET Core on macOS
This release adds full support for .NET Core 2.x on macOS.
HttpWebRequest-like ClientCertificates collection
Added HttpRequest.ClientCertificates collection.
Enhancements and bugfixes
Enhancements and bugfixes in the shared functionality.
Detailed list of changes:
- All: Added support for .NET Core on macOS.
- HTTP: Added HttpRequest.ClientCertificates collection.
- Networking: Closed ProxySocket objects throw more meaningful exception.
- SSH: Added support for additional formats to SshPublicKey.
- SSH: Fixed possible bug in SshPublicKey loading.
- SSH: Added SshPrivateKey.GetPrivateKeyInfo() method.
- TLS/SSL: Added SslSettings.​SslServerCertificateValidationOptions and SslCertificateValidationEventArgs.​Options properties.
- Cryptography: Added workaround for eToken CSP private key operations.
- Cryptography: Fixed possible 'Unexpected key algorithm' error in AsymmetricKeyAlgorithm.
- Cryptography: Fixed Certificate.​GetSignatureHashAlgorithm() for RSASSA-PSS certificates
- Cryptography: RSACryptoServiceProvider usability detection made more compatible.
- Cryptography: Fixed CertificateStore.Exists on .NET Core.
- Cryptography: Fixed Certificate.HasPrivateKey for non-silent keys.
- Cryptography: Fixed potential security vulnerability in RSAManaged class (proper padding check in signature verification).
- Common: Fixed compatibility with AWS Lambda.
- Released
- April252018
2018 R1.1 #
(build 6690 from 2018-04-25)
New fully supported platform: .NET Core on Linux
This release adds full support for .NET Core 2.x on Linux.
Detailed list of changes:
- All: Added support for .NET Core on Linux.
- HTTP: Added workaround for compressed response data not properly finished with a final block. Exception is still thrown if the decompressor was unable to flush all data to be processed.
- HTTP: Enhanced response logging.
- SSH: Fixed handling of invalid data packets claiming to contain more data than their payload length.
- TLS/SSL: Fixed error raising in TlsSocket's EndSend/EndReceive methods.
- Cryptography: Enhanced error message when trying to use signing-only RSA certificate for decryption.
- Cryptography: Fixed private key exporting on .NET Core on Linux.
- Cryptography: Fixed retrieval of certificate with bound keys from store on .NET Core on Linux.
- Cryptography: Fixed possible NullReferenceException in built-in custom certificate validator on .NET Compact Framework. Could occur using CRL validation.
- Cryptography: Fixed DSAManaged.ExportParameter method that failed to export parameters with missing Seed.
- Cryptography: Added CertificateEngine.​BuildChain(Certificate) method.
- Cryptography: Current CertificateEngine's BuildChain method is now used in CMS (PKCS #7) SignedData and EnvelopedData.
- Cryptography: Added Certificate.Tag property to make it possible to associate custom objects with a particular Certificate instance.
- Cryptography: Enhanced logging in built-in custom certificate validator on .NET Compact Framework.
- Released
- April012018
2018 R1 #
(build 6666 from 2018-04-01)
Enhancements and bugfixes
This is a maintenance release with bugfixes, workarounds and enhancements in several areas.
Detailed list of changes:
- HTTP: Added HttpRequest constructor (an alternative to HttpRequestCreator.Create method).
- HTTP: Fixed automatic redirection to resemble behavior of .NET's HttpWebRequest.
- HTTP: Fixed potential bug while determining socket data availability.
- HTTP: Added missing certificate algorithm check.
- HTTP: Fixed handling of '100 Continue' responses.
- HTTP: Fixed handling of abandoned sockets.
- SSH: Added support for AES/GCM ciphers ('aes128-gcm@openssh.com' and 'aes256-gcm@openssh.com') to SSH client.
- SSH: Added support for EtM MAC ciphers ('hmac-sha2-256-etm@openssh.com' and 'hmac-sha2-512-etm@openssh.com') to SSH client.
- TLS/SSL: Log deprecation warning when using SSL 3.0, which is disabled by default and should no longer be used at all.
- TLS/SSL: Added SslSettings.​SslRenegotiationExtensionEnabled option.
- TLS/SSL: Added SslSettings.​SslServerNameIndicationEnabled option.
- Cryptography: Added CryptographicCollection<T> as a base for cryptographic collection classes.
- Cryptography: Fixed possible NullReferenceException inCertificateRevocationList.​GetRevocationReason() method.
- Cryptography: Fixed PFX saving on Mono.
- Cryptography: Fixed "Unable to load DLL 'Bcrypt.dll'" error on Linux with .NET Core.
- Cryptography: Added EnhancedCertificateEngine to .NET Compact Framework version to make it possible to supply custom root certification authorities.
- Common: Enabled Certificate/​CertificateChain.​LoadPfx with AlwaysCng option on .NET Compact Framework 3.9.
- Common: Fixed rare race condition in possibly leading to NullReferenceException on .NET Core and UWP platforms.
- Common: Fixed COMException in CertificateChain.BuildFrom method on experimental UWP platform.
- Common: Built-in custom certificate validator on .NET CF no longer unnecessarily validates signature of root CA certificates that are trusted by the OS.
- Released
- January112018
2017 R6.3 #
(build 6586 from 2018-01-11)
Maintenance release
This is a maintenance release with enhancements in the shared functionality.
Detailed list of changes:
- Cryptography: Added support for RSAES-OAEP with input parameter (label).
- Cryptography: Added support for RSAES-OAEP with mismatched hash algorithms.
- Cryptography: Fixed initialization of EncryptionAlgorithm property in MailMessage.Recipients collection items.
- Cryptography: Added support for RSASSA-PSS with mismatched hash algorithms.
- Cryptography: Fixed CNG private key conversion workaround.
- Released
- December212017
2017 R6.2 #
(build 6565 from 2017-12-21)
Faster AES on Windows
Rebex libraries now use Windows CNG for AES symmetric encryption algorithm when available. CNG implementation of AES is faster and takes advantage of AES-NI instructions.
On-the-fly data uploads
Our HttpRequest
object now supports AllowWriteStreamBuffering
and SendChunked
properties, making it possible to upload large amounts of data
to the server.
Fixed leaking of HTTP sessions
Unfortunately, Rebex HTTPS 2016 R6 introduced a bug in the HTTP session cache that caused sessions to never be reused. This has now been fixed.
Detailed list of changes:
- HTTP: Added AllowWriteStreamBuffering and SendChunked properties, making it possible to perform on-the-fly uploads.
- HTTP: Added HttpRequest.ContentLength in .NET Standard/.NET Core and Universal Windows Platform (UAP) editions.
- HTTP: Enhanced platform info logging.
- HTTP: Fixed HTTP session cache that ceased to work in 2017 R6, causing a memory leak.
- HTTP: Fixed a bug in parsing of missing Content-Encoding values.
- Networking: ProxySocket constructor requires a connected socket now.
- SSH: Added SshParameters.​UseLegacyGroupExchange option to make it possible to force using legacy or standard form of SSH Diffie-Hellman group exchange packet.
- SSH: Enhanced legacy group exchange autodetection.
- TLS/SSL: Fixed handling of duplicate suites in ClientHello packets.
- Cryptography: Added CertificateChain.LoadDer method to load a chain of Base64-encoded certificates.
- Cryptography: Fast CNG implementation of AES (which takes advantage of AES-NI instructions) is used when available.
- Cryptography: Added workaround for broken X509Certificate.GetPublicKey() on Mono 5.4.
- Cryptography: Added a workaround for GPG's gpgsm utility that required some SignedData fields to be DER-encoded.
- Released
- November202017
2017 R6.1 #
(build 6534 from 2017-11-20)
Native elliptic curve cryptography on Windows Embedded Compact 2013
Rebex libraries now use Windows CNG MS CNG API on .NET Compact Framework 3.9 / Windows Embedded Compact 2013, making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.
Maintenance release
This is a maintenance release with improvements, bugfixes or workarounds.
Detailed list of changes:
- HTTP: Added WebClient.Encoding property to specify charset for string-based methods.
- HTTP: Added DownloadProgressChanged/​UploadProgressChanged events do WebClient class.
- HTTP: Added HttpRequest.AutomaticDecompression property.
- HTTP: Fixed handling of multiple headers with same header name in .NET Standard edition.
- HTTP: HttpResponse.ContentLength returns -1 to indicate 'value not specified'.
- HTTP: Fixed a bug in handling HttpRequest.Headers that could cause headers to be duplicated in some scenarios.
- HTTP: Added null value check to HttpRequest.Headers setter.
- HTTP: HttpResponse.ContentLength property is now set to -1 (not specified) when receiving automatically decompressed content.
- HTTP: HttpResponse.GetResponseStream() handles unsupported Content-Encoding values now.
- SSH: Added SshPublicKey.LoadPublicKeys method that supports loading OpenSSH's 'authorized_keys' files.
- Cryptography: Enhanced custom CRL downloader for .NET Compact Framework to handle all 3xx redirect codes.
- Cryptography: Enhanced Certificate.LoadDer to handle files with multiple certificates (loads the first one).
- Cryptography: Enabled usage of MS CNG API in .NET Compact Framework 3.9 edition on Windows Embedded Compact 2013 when appropriate.
- Cryptography: Fixed detection of AES/GCM support.
- Cryptography: Fixed detection of native Brainpool and secp256k1 support.
- Cryptography: Added 'params' to CertificateInfo.​SetExtendedUsave/​SetAlternativeHostnames methods.
- Cryptography: Fixed null handling in CertificateInfo.MailAddress.
- Cryptography: Fixed empty block processing in AES/GCM.
- Common: Added workaround for broken Encoding.ASCII encoder on legacy Mono platforms.
- Common: Enhanced SSPI error reporting.
- Common: Fixed platform info in logs on macOS.
- Released
- October252017
2017 R6 #
(build 6508 from 2017-10-25)
AES/GCM support in TLS/SSL on all platforms
We added support for TLS ciphers based on AES/GCM (AES in Galois/Counter Mode) symmetric encryption algorithm:
- ECDHE_RSA_WITH_AES_128_GCM_SHA256
- ECDHE_RSA_WITH_AES_256_GCM_SHA384
- ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- DHE_RSA_WITH_AES_128_GCM_SHA256
- DHE_RSA_WITH_AES_256_GCM_SHA384
- DHE_DSS_WITH_AES_128_GCM_SHA256
- DHE_DSS_WITH_AES_256_GCM_SHA384
- RSA_WITH_AES_128_GCM_SHA256
- RSA_WITH_AES_256_GCM_SHA384
These ciphers are available on all supported platforms including .NET Framework 2.0/3.5 and .NET Compact Framework.
Detailed list of changes:
- All: Added support for DSA key generation on .NET Core on Windows.
- HTTP: Changed default User-Agent header value to "Rebex HTTPS". When HttpRequest.UserAgent is set to null, the header is not sent.
- HTTP: Multi-value headers are sent as single comma-separated header.
- HTTP: Proxy communication is now logged (using HttpRequestCreator.LogWriter object).
- HTTP: Redirected keep-alive requests reuse original request's session if possible.
- Networking: Fixed PortRange binding (an issue introduced in previous release).
- Networking: Fixed ReceiveBufferSize/SendBufferSize propagation (an issue introduced in previous release). This was observed to cause slowdown on Windows platform in some scenarios.
- Networking: Fixed handling of IP-based host names in proxy name resolving routine (an issue introduced in previous release).
- TLS/SSL: Added support for AES/GCM to TLS.
- TLS/SSL: Added TlsCipherSuite.Weak enum.
- Cryptography: Added support for RSAES-OAEP encryption to EnvelopedData/RecipientInfo objects (CMS / PKCS #7).
- Cryptography: Added support for RSAES-OAEP encryption to Encrypt/Decrypt methods in Certificate and AsymmetricKeyAlgorithm classes.
- Cryptography: Added support for DSA key generation on .NET Core 1.1 on Windows.
- Cryptography: Added support for RSASSA-PSS signatures to SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
- Cryptography: Enhanced environment info logging.
- Cryptography: Fixed KeySize property of RSAManaged and DSAManaged to return the proper size for key sizes that are not evenly divisible by 8.
- Cryptography: Added support for RSASSA-PSS signatures to SignedData/SignerInfo objects (CMS / PKCS #7).
- Cryptography: Added support for legacy MD4 algorithm.
- Cryptography: Fixed saving of Brainpool keys (used wrong OID).
- Cryptography: Fixed handling of ED25519 keys in PrivateKeyInfo.
- Cryptography: Fixed CertificateStore private key saving on Mono.
- Common: Environment info is now logged when creating an instance of FileLogWriter.
- Released
- September082017
2017 R5 #
(build 6461 from 2017-09-08)
New fully supported platforms: .NET Core 1.1 and 2.0 on Windows
This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.
Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)
All Rebex libraries support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x or higher) is still experimental.
Detailed list of changes:
- All: Added support for .NET Core 1.1 and 2.0 on Windows.
- HTTP: Fixed handling of HTTP paths with double-slash ('//').
- Networking: Added support for "http://" URLs in Proxy.Host.
- Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
- Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
- Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
- Cryptography: Enhanced logging of some SSPI errors.
- Cryptography: Added workaround for invalid or empty HTTP header names.
- Common: Enabled SHA-2 support workaround for legacy RSA providers.
- Common: Using custom IBM 437 encoding on .NET Compact Framework.
- Released
- August042017
2017 R4.1 #
(build 6426 from 2017-08-04)
Maintenance release
This is a maintenance release with several improvements, bugfixes and workarounds.
Detailed list of changes:
- HTTP: Enhanced exception messages for errors at TLS/SSL layer.
- Cryptography: Enhanced RSAES-OAEP support.
- Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
- Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
- Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
- Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).
- Released
- June302017
2017 R4 #
(build 6391 from 2017-06-30)
Support for CNG Key Storage Providers
Rebex Certificate
class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage
Providers.
Native support for Brainpool (P-256 R1, P-384 R1, P-512 R1) and secp256k1 elliptic curves on Windows 10
Windows 10 (and Windows Server 2016) added native support for additional Elliptic Curve DSA (ECDSA) / Elliptic Curve Diffie-Hellman (ECDH) curves including secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1, and Rebex classes can take advantage of them now (in addition to NIST P-256/P-384/P-521 curves).
Brainpool curves have already been supported by our TLS/SSL library and can be used with the following ciphers:
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​128_​CBC_​SHA
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​128_​CBC_​SHA256
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​256_​CBC_​SHA
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​256_​CBC_​SHA384
- TLS_​ECDHE_​ECDSA_​WITH_​3DES_​EDE_​CBC_​SHA
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_​ECDHE_​RSA_​WITH_​AES_​128_​CBC_​SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_​ECDHE_​RSA_​WITH_​AES_​256_​CBC_​SHA384
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA
For earlier Windows and other operating systems, Brainpool curves are available through external plugins.
Detailed list of changes:
- All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
- All: Lots of improvements in experimental .NET Core / .NET Standard edition.
- HTTP: Added HttpResponse.Cipher property to make it possible to determine information about the TLS cipher used by the underlying TLS/SSL session.
- HTTP: Fixed broken WebClient.UploadString(...) method.
- HTTP: Fixed handling of null in HttpRequestCreator.​SetSocketFactory() method.
- HTTP: Fixed handling of relative or broken redirect locations.
- SSH: Added SshParameters.CompressionLevel option to make it possible to specify the desired compression level for SSH.
- SSH: Deprecated SshPrivateKey.CreateSignature, VerifySignature and an old variant of the SshPrivateKey.Save method.
- SSH: Added SshPublicKey.GetPublicKeyInfo() method.
- SSH: Added SshException.GetServerInfo() method to make it possible to determine lists of ciphers supported by the server when SSH negotiation fails.
- Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
- Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
- Cryptography: Added Certificate.GetPublicKeyInfo() method.
- Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
- Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
- Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
- Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
- Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.
- Released
- May092017
2017 R3 #
(build 6339 from 2017-05-09)
NuGet packages
Rebex libraries just got official NuGet packages!
If you have an active subscription, you will get NuGet packages as part of Rebex libraries. These are supposed to be added to your private NuGet repository.
Rebex packages are available at NuGet.org as well.
Experimental support for .NET Standard 1.5 and NET Core
This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex libraries.
In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex libraries can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.
Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.
Support for .NET Framework 4.7
.NET Framework 4.7 is a fully supported platform.
Detailed list of changes:
- All: Added NuGet packages.
- All: Added experimental support for .NET Core and .NET Standard 1.5.
- All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
- All: Added support for .NET Framework 4.7.
- HTTP: Fixed redirection handling when the new location points to a different HTTPS server.
- Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
- Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
- Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
- Common: Fixed incorrect handling of CNG RSA keys.
- Released
- March222017
2017 R2 #
(build 6291 from 2017-03-22)
ECDSA certificate support in TLS/SSL
All Rebex libraries utilizing our TLS/SSL library now support the following TLS ciphers based on Elliptic Curve DSA (ECDSA) algorithm:
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​128_​CBC_​SHA
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​128_​CBC_​SHA256
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​256_​CBC_​SHA
- TLS_​ECDHE_​ECDSA_​WITH_​AES_​256_​CBC_​SHA384
- TLS_​ECDHE_​ECDSA_​WITH_​3DES_​EDE_​CBC_​SHA
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Supported curves:
- NIST P-256
- NIST P-384
- NIST P-521
Please note that external plugins are needed for these algorithms and curves on some platforms.
Support for Visual Studio 2017
All Rebex libraries are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.
Experimental support for Universal Windows Platform
This release introduces experimental support for Universal Windows Platform (Windows 10, Windows 10 Mobile, Windows 10 IoT).
Minor ISocket API changes
Legacy parts of ISocket
interface were moved into ISocketExt
interface.
If you implemented a custom transport layer using the ISocket
API, make sure to implement ISocketExt
instead when
upgrading to this release.
Seldom-used static methods in CryptoHelper
class were removed. If you need any of them, please let us know.
Detailed list of changes:
- All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
- HTTP: Fixed issues in HTTP client connection pool.
- HTTP: Added HttpSessionCacheEnabled and SslSessionCacheEnabled options to HttpSettings.
- HTTP: Added workaround for servers that use DEFLATE instead of Zlib.
- Networking: Added logging of environment and platform information.
- Networking: Enhanced target address logging when connecting.
- Networking: HTTP core provides better inner exceptions on errors.
- Networking: Legacy members of custom transport layer API moved from ISocket to ISocketExt.
- Networking: Fixed ProxySocket.Connect(...) on Mono 2.10.
- SSH: Enhanced cipher mismatch error reporting during SSH negotiation to produce informative error messages.
- SSH: Added GetSupportedMacAlgorithms/​GetSupportedEncryptionAlgorithms/​GetSupportedKeyExchangeAlgorithms static methods to SshParameters.
- SSH: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and 'ssh-rsa-sha256@ssh.com' algorithms.
- SSH: Added OpenSSH-style fingerprint support to SshFingerprint class.
- TLS/SSL: Added support for Elliptic Curve DSA to TLS 1.2/1.1/1.0.
- TLS/SSL: Fixed unexpected connection closure handling in TlsSocket.
- TLS/SSL: Fixed handling of Timeout value in TlsSocket.Receive.
- Cryptography: Added support for Elliptic Curve DSA to Certificate/​CertificateChain/​CertificateIssuer classes.
- Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
- Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
- Cryptography: Removed seldom-used static methods from CryptoHelper.
- Cryptography: CertificateIssuer class made available on .NET Compact Framework.
- Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
- Cryptography: Enhanced CertificateIssuer API.
- Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
- Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
- Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.
- Released
- February082017
2017 R1 #
(build 6249 from 2017-02-08)
New library: Rebex HTTPS
Rebex HTTPS is an HTTP/HTTPS client library that supports TLS 1.2/1.1/1.0, SHA-2, Server Name Identification (SNI), Renegotiation Indication Extension, Forward Secrecy, ZLIB. These features are available on all supported platforms: .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.
The library is available as a standalone package or as a part of Rebex Total Pack.
Detailed list of changes:
- HTTP: Initial release.