More .NET components

Release notes for Rebex SFTP for .NET

2019-03-28 Version 2019 R1 #
(build number 7027)

Improved platform support

This release adds three new sets of binaries targeting the following platforms:

  • .NET Core 2.0/2.1/2.2 (via .NET Standard 2.0)
  • .NET 4.6.x/4.7.x
  • .NET 3.5 SP1

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

API changes

In this release we changed our API a bit. We removed parts of our API that have been deprecated for years, and we deprecated parts of our API that were considered outdated. Additionally, we made some missing methods available on Xamarin and .NET Standard 1.5 platforms as well.

These changes should only affect a minority of our users. If you are affected and need help, please contact us!

DSA deprecation in SFTP and SSH clients

Because DSA algorithm is now considered deprecated, we changed the preferred host key algorithm to RSA. To revert to the previous behavior, set client.Settings.SshParameters.PreferredHostKeyAlgorithm to SshHostKeyAlgorithm.DSS.

MD5 deprecation in SshFingerprint

SshFingerprint's ToString() and ToArray() methods use SHA-256 now. To revert to previous behavior, specify SignatureHashAlgorithm.MD5 when calling these methods.

Optimized AES/GCM performance

Improved performance of AES/GCM ciphers in TLS and SSH protocols on .NET Compact Framework and non-Windows platforms.

Complete list of changes of version 2019 R1

  • All: Added binaries targeting .NET Framework 3.5 SP1.
  • All: Added binaries targeting .NET Framework 4.6 and higher.
  • All: Added binaries targeting .NET Standard 2.x.
  • All: Removed long-deprecated API. Deprecated legacy API.
  • SFTP: Added SftpItemType.Fifo enum value.
  • SFTP: Fixed SftpItem.Owner/Group properties that returned null (contrary to the documentation) when using SFTP v3.
  • SFTP: GetItems() method changed to return items of unknown type instead of throwing and exception.
  • ProxySocket: Fixed passing of state to the callback method in BeginConnect.
  • SSH: Changed behavior of SshFingerprint.ToString() and .ToArray() to use SHA-256.
  • SSH: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • SSH: RSA host keys are preferred to DSA host keys.
  • SSH: SHA-512 is only used during SSH client authentication when the RSA key length allows it.
  • SSH: SshParameters.MinimumRsaKeySize now applies to client RSA keys as well.
  • SSH: Using standard form of Diffie-Hellman group exchange with GlobalScape servers.
  • TLS/SSL: Fixed passing of state to the callback method in BeginConnect.
  • TLS/SSL: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.DeriveKeyMaterial method.
  • Cryptography: Fixed handling of shared secred padding in AsymmetricKeyAlgorithm.GetKeyMaterialDeriver.
  • Cryptography: Fixed possible NullReferenceException in CertificationRequest.GetAlternativeHostnames method.
  • Common: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
  • Common: LocalItem constructor no longer fails on items with iinvalid paths.

2018-12-21 Version 2018 R4 #
(build number 6930)

Support for yet another OpenSSH key encryption

Added support for new OpenSSH keys with AES-CTR encryption.

Complete list of changes of version 2018 R4

  • Networking: Fixed handling of Ssh.Encoding property.
  • Networking: Improved TLS logging.
  • Networking: ProxySocket and TlsSocket implement IDisposable now.
  • ProxySocket: Added workaround for ObjectDisposedException in Socket.ConnectAsync on .NET Core for macOS.
  • SSH: Enhanced legacy group exchange autodetection.
  • SSH: Fixed SshPublicKey(PublicKeyInfo) constructor that only accepted RSA or DSA keys.
  • SSH: Fixed Verbose logging of interactive authentication.
  • SSH: Changed SshParameters.MinimumRsaKeySize from 1024 to 1023 bits.
  • TLS/SSL: Improved server certificate usage check.
  • Cryptography: Added support for 'BEGIN RSA PUBLIC KEY' keys (PKCS #1 / RFC 3447) to PublicKeyInfo.
  • Cryptography: Added support for IP addresses in Subject Alternative Name certificate extension.
  • Common: Added support for new OpenSSH key format with AES-CTR encryption.
  • Common: Fixed possible certificate validation failures on some versions of Xamarin.Android.

2018-10-26 Version 2018 R3 #
(build number 6874)

Password-hiding in Verbose logging mode

Communication logs created with Verbose level no longer contain authentication credentials, which makes it more convenient and safer to share them with others.

Support for '' extension

Added support OpenSSH's fsync extension that makes it possible to ensure that modified file data has been written to disk. To enable this feature, use Sftp.Settings.EnableFileSync property.

Added Sftp.CreateLink method

The new CreateLink method supports both symbolic links and hard links. For hard-links, the server must support OpenSSH's extension.

Connection-establishing API for .NET CF

Added very simple connection-establishing API for .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).

Complete list of changes of version 2018 R3

  • All: Added password-hiding in Verbose logging mode.
  • All: Added experimental support for Mono on Windows.
  • All: Fixed messages of some ObjectDisposedException objects.
  • SFTP: Added support for '' SFTP extension (enable using Sftp.Settings.FileSyncOnUpload property).
  • SFTP: Added Sftp.CreateLink method (needs '' extension support to create hard links).
  • SFTP: Fixed minor race condition in Dispose method.
  • Networking: Added simple connection manager API on .NET Compact Framework (Rebex.Net.ConnectionManagement namespace).
  • Networking: Added SshParameters.MaximumPacketSize property.
  • Networking: Report a meaningful error message when .NET Compact Framework's 'not a socket' issue is encountered.
  • Networking: Fixed Login not to block Dispose in Sftp, Scp and Ssh classes.
  • SSH: Using UTF-8 at SSH protocol level by default in Sftp, Scp and Ssh classes.
  • SSH: Added logging of SSH channel window size adjustments.
  • SSH: Fixed decompression in encrypt-then-mac (EtM) MAC mode.
  • TLS/SSL: TLS cipher suite being negotiated is logged as soon as possible.
  • Cryptography: CertificateStore implements IEnumerable<Certificate>.
  • Cryptography: Proper error is reported when trying to validate ECDSA certificates on Mono.
  • Common: Added optimized thread pool on .NET Compact Framework.

2018-09-03 Version 2018 R2.1 #
(build number 6821)

Enhancements and bugfixes

This is a maintenance release with several bugfixes and enhancements.

Complete list of changes of version 2018 R2.1

  • SFTP: Fixed aborting of Sftp object's Connect method when Dispose method has been called.
  • Proxy: Added Proxy.HttpUserAgent property to make it possible to specify User-Agent for HTTP CONNECT proxies.
  • Proxy: ProxySocket methods now throw ObjectDisposedException when disposed.
  • SSH: Fixed data buffering when raising SshChannel.ExtendedDataReceived event.
  • Cryptography: Optimized certificate signature validation on .NET Compact Framework.

2018-06-29 Version 2018 R2 #
(build number 6755)

New fully supported platform: .NET Core on macOS

This release adds full support for .NET Core 2.x on macOS.

Enhancements and bugfixes

Enhancements and bugfixes in the shared functionality.

Complete list of changes of version 2018 R2

  • All: Added support for .NET Core on macOS.
  • SFTP: Improved Sftp.GetList() logging.
  • SFTP: Fixed Download() method for filenames starting with backslash on Unix-like servers.
  • Proxy: Closed ProxySocket objects throw more meaningful exception.
  • SSH: Added support for additional formats to SshPublicKey.
  • SSH: Fixed possible bug in SshPublicKey loading.
  • SSH: Added SshPrivateKey.GetPrivateKeyInfo() method.
  • TLS/SSL: Added SslSettings.SslServerCertificateValidationOptions and SslCertificateValidationEventArgs.Options properties.
  • Cryptography: Added workaround for eToken CSP private key operations.
  • Cryptography: Fixed possible 'Unexpected key algorithm' error in AsymmetricKeyAlgorithm.
  • Cryptography: Fixed Certificate.GetSignatureHashAlgorithm() for RSASSA-PSS certificates
  • Cryptography: RSACryptoServiceProvider usability detection made more compatible.
  • Cryptography: Fixed CertificateStore.Exists on .NET Core.
  • Cryptography: Fixed Certificate.HasPrivateKey for non-silent keys.
  • Cryptography: Fixed potential security vulnerability in RSAManaged class (proper padding check in signature verification).
  • Common: Fixed compatibility with AWS Lambda.

2018-04-25 Version 2018 R1.1 #
(build number 6690)

New fully supported platform: .NET Core on Linux

This release adds full support for .NET Core 2.x on Linux.

Complete list of changes of version 2018 R1.1

  • All: Added support for .NET Core on Linux.
  • SFTP: Added SftpListItemReceivedEventArgs.UserState property.
  • SSH: Fixed handling of invalid data packets claiming to contain more data than their payload length.
  • TLS/SSL: Fixed error raising in TlsSocket's EndSend/EndReceive methods.
  • Cryptography: Enhanced error message when trying to use signing-only RSA certificate for decryption.
  • Cryptography: Fixed private key exporting on .NET Core on Linux.
  • Cryptography: Fixed retrieval of certificate with bound keys from store on .NET Core on Linux.
  • Cryptography: Fixed possible NullReferenceException in built-in custom certificate validator on .NET Compact Framework. Could occur using CRL validation.
  • Cryptography: Fixed DSAManaged.ExportParameter method that failed to export parameters with missing Seed.
  • Cryptography: Added CertificateEngine.BuildChain(Certificate) method.
  • Cryptography: Current CertificateEngine's BuildChain method is now used in CMS (PKCS #7) SignedData and EnvelopedData.
  • Cryptography: Added Certificate.Tag property to make it possible to associate custom objects with a particular Certificate instance.
  • Cryptography: Enhanced logging in built-in custom certificate validator on .NET Compact Framework.

2018-04-01 Version 2018 R1 #
(build number 6666)

Additional SSH ciphers

Client-side SSH now supports the following AES/GCM ciphers and ETM MAC ciphers compatible with OpenSSH.

Complete list of changes of version 2018 R1

  • SFTP: Added Sftp.Settings.CustomCommand property.
  • SFTP: Added workaround for GlobalScape servers that have issues with long data blocks.
  • SSH: Added support for AES/GCM ciphers ('' and '') to SSH client.
  • SSH: Added support for ETM MAC ciphers ('' and '') to SSH client.
  • TLS/SSL: Log deprecation warning when using SSL 3.0, which is disabled by default and should no longer be used at all.
  • TLS/SSL: Added SslSettings.SslRenegotiationExtensionEnabled option.
  • TLS/SSL: Added SslSettings.SslServerNameIndicationEnabled option.
  • Cryptography: Added CryptographicCollection<T> as a base for cryptographic collection classes.
  • Cryptography: Fixed possible NullReferenceException inCertificateRevocationList.GetRevocationReason() method.
  • Cryptography: Fixed PFX saving on Mono.
  • Cryptography: Fixed "Unable to load DLL 'Bcrypt.dll'" error on Linux with .NET Core.
  • Cryptography: Added EnhancedCertificateEngine to .NET Compact Framework version to make it possible to supply custom root certification authorities.
  • Common: Enabled Certificate/CertificateChain.LoadPfx with AlwaysCng option on .NET Compact Framework 3.9.
  • Common: Fixed rare race condition in possibly leading to NullReferenceException on .NET Core and UWP platforms.
  • Common: Fixed COMException in CertificateChain.BuildFrom method on experimental UWP platform.
  • Common: Built-in custom certificate validator on .NET CF no longer unnecessarily validates signature of root CA certificates that are trusted by the OS.

2018-01-11 Version 2017 R6.3 #
(build number 6586)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Complete list of changes of version 2017 R6.3

  • Cryptography: Added support for RSAES-OAEP with input parameter (label).
  • Cryptography: Added support for RSAES-OAEP with mismatched hash algorithms.
  • Cryptography: Fixed initialization of EncryptionAlgorithm property in MailMessage.Recipients collection items.
  • Cryptography: Added support for RSASSA-PSS with mismatched hash algorithms.
  • Cryptography: Fixed CNG private key conversion workaround.

2017-12-21 Version 2017 R6.2 #
(build number 6565)

Faster AES on Windows

Rebex components now use Windows CNG for AES symmetric encryption algorithm when available. CNG implementation of AES is faster and takes advantage of AES-NI instructions.

Checksum support in multi-file SFTP transfers

Sftp object's Upload and Download methods support ActionOnExistingFiles.OverwriteDifferentChecksum, making it possible to use SFTP's checksum and hashing functionality to determine which files were changed.

Please note that this functionality is only supported by servers that implement the "file-check" extension.

Complete list of changes of version 2017 R6.2

  • SFTP: Added support for ActionOnExistingFiles.OverwriteDifferentChecksum to Upload/Download methods.
  • Proxy: ProxySocket constructor requires a connected socket now.
  • SSH: Added SshParameters.UseLegacyGroupExchange option to make it possible to force using legacy or standard form of SSH Diffie-Hellman group exchange packet.
  • TLS/SSL: Fixed handling of duplicate suites in ClientHello packets.
  • Cryptography: Added CertificateChain.LoadDer method to load a chain of Base64-encoded certificates.
  • Cryptography: Fast CNG implementation of AES (which takes advantage of AES-NI instructions) is used when available.
  • Cryptography: Added workaround for broken X509Certificate.GetPublicKey() on Mono 5.4.
  • Cryptography: Added a workaround for GPG's gpgsm utility that required some SignedData fields to be DER-encoded.

2017-11-20 Version 2017 R6.1 #
(build number 6534)

Remote file system information

Sftp object now features GetFileSystemInfo method, which makes it possible to determine free space and other information about a remote file system drive.

Please note that this functionality only works with servers that support "space-available" or extension.

Native elliptic curve cryptography on Windows Embedded Compact 2013

Rebex components now utilize MS CNG API on .NET Compact Framework 3.9 / Windows Embedded Compact 2013, making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Complete list of changes of version 2017 R6.1

  • SFTP: Added Sftp.GetFileSystemInfo method to determine free space and other drive information.
  • SFTP: Fixed a bug that caused the client not to ask for access time attribute in SFTP v4 (most servers sent the attribute despite this).
  • SFTP: Added workaround for ProFTPd 1.3.6's mod_sftp which sends broken response when CREATETIME attribute has been requested.
  • SSH: Added SshPublicKey.LoadPublicKeys method that supports loading OpenSSH's 'authorized_keys' files.
  • Cryptography: Enhanced custom CRL downloader for .NET Compact Framework to handle all 3xx redirect codes.
  • Cryptography: Enhanced Certificate.LoadDer to handle files with multiple certificates (loads the first one).
  • Cryptography: Enabled usage of MS CNG API in .NET Compact Framework 3.9 edition on Windows Embedded Compact 2013 when appropriate.
  • Cryptography: Fixed detection of AES/GCM support.
  • Cryptography: Fixed detection of native Brainpool and secp256k1 support.
  • Cryptography: Added 'params' to CertificateInfo.SetExtendedUsave/SetAlternativeHostnames methods.
  • Cryptography: Fixed null handling in CertificateInfo.MailAddress.
  • Cryptography: Fixed empty block processing in AES/GCM.
  • Common: Added workaround for broken Encoding.ASCII encoder on legacy Mono platforms.
  • Common: Enhanced SSPI error reporting.
  • Common: Fixed platform info in logs on macOS.

2017-10-25 Version 2017 R6 #
(build number 6508)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds.

Complete list of changes of version 2017 R6

  • All: Added support for DSA key generation on .NET Core on Windows.
  • SFTP: Fixed SFTP extension info parser (used to fail with some charsets).
  • Networking: Fixed PortRange binding (an issue introduced in previous release).
  • Networking: Fixed ReceiveBufferSize/SendBufferSize propagation (an issue introduced in previous release). This was observed to cause slowdown on Windows platform in some scenarios.
  • Proxy: Fixed handling of IP-based host names in proxy name resolving routine (an issue introduced in previous release).
  • TLS/SSL: Added support for AES/GCM to TLS.
  • TLS/SSL: Added TlsCipherSuite.Weak enum.
  • Cryptography: Added support for RSAES-OAEP encryption to EnvelopedData/RecipientInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for RSAES-OAEP encryption to Encrypt/Decrypt methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Added support for DSA key generation on .NET Core 1.1 on Windows.
  • Cryptography: Added support for RSASSA-PSS signatures to SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Enhanced environment info logging.
  • Cryptography: Fixed KeySize property of RSAManaged and DSAManaged to return the proper size for key sizes that are not evenly divisible by 8.
  • Cryptography: Added support for RSASSA-PSS signatures to SignedData/SignerInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for legacy MD4 algorithm.
  • Cryptography: Fixed saving of Brainpool keys (used wrong OID).
  • Cryptography: Fixed handling of ED25519 keys in PrivateKeyInfo.
  • Cryptography: Fixed CertificateStore private key saving on Mono.
  • Common: Environment info is now logged when creating an instance of FileLogWriter.

2017-09-08 Version 2017 R5 #
(build number 6461)

New fully supported platforms: .NET Core 1.1 and 2.0 on Windows

This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.

Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)

All Rebex components support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x or higher) is still experimental.

Complete list of changes of version 2017 R5

  • All: Added support for .NET Core 1.1 and 2.0 on Windows.
  • Proxy: Added support for "http://" URLs in Proxy.Host.
  • Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
  • Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
  • Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
  • Cryptography: Enhanced logging of some SSPI errors.
  • Cryptography: Added workaround for invalid or empty HTTP header names.
  • Common: Enabled SHA-2 support workaround for legacy RSA providers.
  • Common: Using custom IBM 437 encoding on .NET Compact Framework.

2017-08-04 Version 2017 R4.1 #
(build number 6426)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds in the shared functionality.

Complete list of changes of version 2017 R4.1

  • Cryptography: Enhanced RSAES-OAEP support.
  • Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
  • Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).

2017-06-30 Version 2017 R4 #
(build number 6391)

Support for CNG Key Storage Providers

Rebex Certificate class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage Providers.

Complete list of changes of version 2017 R4

  • All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
  • All: Lots of improvements in experimental .NET Core / .NET Standard edition.
  • SFTP: Enhanced error reporting of failed SFTP subsystem request.
  • SFTP: Added workaround for Titan SFTP server which incorrectly handles uploaded blocks of 65535/65534 bytes.
  • SSH: Added SshParameters.CompressionLevel option to make it possible to specify the desired compression level for SSH.
  • SSH: Deprecated SshPrivateKey.CreateSignature, VerifySignature and an old variant of the SshPrivateKey.Save method.
  • SSH: Added SshPublicKey.GetPublicKeyInfo() method.
  • SSH: Added SshException.GetServerInfo() method to make it possible to determine lists of ciphers supported by the server when SSH negotiation fails.
  • Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
  • Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
  • Cryptography: Added Certificate.GetPublicKeyInfo() method.
  • Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
  • Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
  • Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
  • Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.

2017-05-09 Version 2017 R3 #
(build number 6339)

NuGet packages

Rebex components just got official NuGet packages!

If you have an active subscription, you will get NuGet packages as part of Rebex components. These are supposed to be added to your private NuGet repository.

Rebex packages are available at as well.

Experimental support for .NET Standard 1.5 and NET Core

This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex components.

In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex components can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.

Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.

Support for .NET Framework 4.7

.NET Framework 4.7 is a fully supported platform.

Complete list of changes of version 2017 R3

  • All: Added NuGet packages.
  • All: Added experimental support for .NET Core and .NET Standard 1.5.
  • All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
  • All: Added support for .NET Framework 4.7.
  • SFTP: Added Scp.Settings.ProcessCommand property to make it possible to customize the 'scp' command before it is sent to the server.
  • SFTP: Added Sftp.GetHomeDirectory() method to make it possible to easily determine current user's home directory.
  • SFTP: Optimized GetCurrentDirectoryAsync() method.
  • Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
  • Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
  • Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
  • Common: Fixed incorrect handling of CNG RSA keys.

2017-03-22 Version 2017 R2 #
(build number 6291)

SSH client authentication using RSA with SHA-2

All Rebex components utilizing our SSH library now support client public/private key authentication based on RSA with SHA-2:

  • rsa-sha2-256
  • rsa-sha2-256

Support for Visual Studio 2017

All Rebex components are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Minor ISocket API changes

Legacy parts of ISocket interface were moved into ISocketExt interface. If you implemented a custom transport layer using the ISocket API, make sure to implement ISocketExt instead when upgrading to this release.

Seldom-used static methods in CryptoHelper class were removed. If you need any of them, please let us know.

Complete list of changes of version 2017 R2

  • All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
  • SFTP: Added Sftp.Settings.SkipDuplicateItems option (set to true by default).
  • Networking: Added logging of environment and platform information.
  • Networking: Enhanced target address logging when connecting.
  • Networking: HTTP core provides better inner exceptions on errors.
  • Networking: Legacy members of custom transport layer API moved from ISocket to ISocketExt.
  • Proxy: Fixed ProxySocket.Connect(...) on Mono 2.10.
  • SSH: Enhanced cipher mismatch error reporting during SSH negotiation to produce informative error messages.
  • SSH: Added GetSupportedMacAlgorithms/GetSupportedEncryptionAlgorithms/GetSupportedKeyExchangeAlgorithms static methods to SshParameters.
  • SSH: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and '' algorithms.
  • SSH: Added OpenSSH-style fingerprint support to SshFingerprint class.
  • TLS/SSL: Added support for Elliptic Curve DSA to TLS 1.2/1.1/1.0.
  • TLS/SSL: Fixed unexpected connection closure handling in TlsSocket.
  • TLS/SSL: Fixed handling of Timeout value in TlsSocket.Receive.
  • Cryptography: Added support for Elliptic Curve DSA to Certificate/CertificateChain/CertificateIssuer classes.
  • Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
  • Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
  • Cryptography: Removed seldom-used static methods from CryptoHelper.
  • Cryptography: CertificateIssuer class made available on .NET Compact Framework.
  • Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
  • Cryptography: Enhanced CertificateIssuer API.
  • Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
  • Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
  • Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.

2017-02-08 Version 2017 R1 #
(build number 6249)

Support for the new OpenSSH key format

Our SSH based components can now save private keys using the new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).

Complete list of changes of version 2017 R1

  • SFTP: Enlarged default transfer queue lengths.
  • SCP: Fixed ScpTransferProgressEventArgs.Id property.
  • Networking: Added workaround for a breaking change in Exception.Data on recent Xamarin.iOS.
  • Networking: TlsSocket.Timeout modifies the underlying ISocket.Timeout as well now.
  • Networking: Slightly enhanced certificate rejection reason reporting in TLS.
  • Proxy: Enhanced ProxySocket connection initialization.
  • SSH: Added EnsureKeyAcceptable option that instructs SSH client to announce public key to the server before performing key authentication.
  • SSH: Added support for saving private keys in new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).
  • SSH: Added support for "rsa-sha2-256" and "rsa-sha2-512" host key algorithms.
  • SSH: Added support for "diffie-hellman-group14-sha256", "diffie-hellman-group15-sha512" and "diffie-hellman-group16-sha512" key exchange algorithms.
  • TLS/SSL: Added support for Renegotiation Indication Extension (RFC 5746).
  • TLS/SSL: Preferred TLS/SSL ciphers can be now defined (using TlsParameters.SetPreferredSuites method).
  • TLS/SSL: Added check for private key accessibility when starting server-side TLS.
  • Cryptography: Added support for ValidationOptions.UseCacheOnly on .NET CF.
  • Cryptography: Substantially optimized CRL parsing code used by enhanced certificate validator on .NET Compact Framework.

2016-12-19 Version 2016 R3 #
(build number 6198)

Elliptic curve cryptography in SSH

All Rebex components utilizing our SSH library now support SSH key exchange algorithms based on Elliptic Curve Diffie-Hellman (ECDH) algorithm and SSH host key algorithms based on Elliptic Curve DSA (ECDSA) and Edwards-curve DSA (EdDSA) algorithms:

  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519

Please note that external plugins might be needed for some of those algorithms or curves on some platforms.

New OpenSSH key format support

SshPrivateKey and PrivateKeyInfo objects can read server and client keys utilizing the new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header). This format is usually used to store ED25519 or ECDSA keys.

Remote checksum calculation

Sftp object now features GetChecksum methods, making it possible to retrieve a checksum or hash of a remote file (or part of it). Together with new LocalItem.GetChecksum methods, this makes it easily possible to reliably detect changed files.

Please note that this functionality only works with servers that support the "file-check" extension.

Fine-tuning enabled ciphers in SSH

Previously, SshParameters only made it possible to enable/disable groups of ciphers. Now, it's possible to fine-tune the list of supported algorithms, including their preferred order (client-side only) using SetKeyExchangeAlgorithms, SetHostKeyAlgorithms, SetEncryptionAlgorithms and SetMacAlgorithms methods. Please note that KeyExchangeAlgorithms, HostKeyAlgorithms, EncryptionAlgorithms and MacAlgorithms properties still apply - a cipher is only used when it is enabled by both the method and property.

Disabled weak algorithms in SSH

Several legacy ciphers are now disabled by default: diffie-hellman-group1-sha1, blowfish-ctr, blowfish-cbc, arcfour256, arcfour128, arcfour. Use SshParameters.KeyExchangeAlgorithms and SshParameters.EncryptionAlgorithms to enable them.

Weak RSA server host keys shorter than 1024 bits are now rejected by default. Use SshParameters.MinimumRsaKeySize property to specify a custom key size.

Complete list of changes of version 2016 R3

  • SFTP: Added Sftp.GetChecksum methods (only for servers that support the "file-check" extension).
  • SFTP: Changed Sftp.GetStream in UWP edition to use .NET API instead of Windows Store API.
  • SFTP: ServerKey property added to Sftp/Scp objects, providing server public host key of the server.
  • Networking: Enhanced and optimized HTTP/HTTPS client core.
  • Networking: Connect/Listen methods on ProxySocket/TlsSocket objects now throw an exception when called twice on the same socket.
  • Networking: Added SocketInformation constructor.
  • SSH: Added support for "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521" and "" key exchange algorithms (plugins might be needed on some platforms).
  • SSH: Added support for saving keys in new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).
  • SSH: Added SetKeyExchangeAlgorithms, SetHostKeyAlgorithms, SetMacAlgorithms methods to SshParameters object to make it possible to fine-tune the list of enabled SSH ciphers.
  • SSH: Legacy Diffie-Hellman group exchange is only used with legacy SSH servers.
  • SSH: Added SshSession.ServerInfo property to make it possible to determine ciphers supported by the SSH server.
  • SSH: Added SshPublicKey.KeySize property.
  • SSH: Added SshParameters.MinimumRsaKeySize property specifying to connect only to SSH servers with RSA server key of given size or higher.
  • SSH: Added support for "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521" and "ssh-ed25519" host key algorithms (plugins might be needed on some platforms).
  • SSH: Disabled weak SSH ciphers by default (they can still be enabled explicitly).
  • SSH: Check availability of associated private key when adding a certificate-based server host key.
  • SSH: Fixed possible NullReferenceException when closing SSH client from another thread just before receiving data.
  • TLS/SSL: Added support for Elliptic-Curve based TLS ciphers (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA) with NIST P-256/P-384/P-521, Curve 25519 and Brainpool P256R1/P384R1/P512R1 curves. Plugins are needed for some of those.
  • TLS/SSL: Server name is now passed to TLS server during negotiation (use TlsParameters.CommonName to override it).
  • TLS/SSL: Fixed TlsCipherSuite.All to include all recently added cipher suites.
  • TLS/SSL: All legacy 'EXPORT1024' ciphers are now prohibited by default in addition to already-prohibited 'EXPORT' ciphers (unless AllowVulnerableSuites option is enabled).
  • TLS/SSL: Fixed issues with some legacy TLS/SSL ciphers (all of them were already disabled by default).
  • TLS/SSL: Enhanced error reporting in server-side TLS/SSL library.
  • Cryptography: Improved ASN.1 time node parser.
  • Cryptography: Added support for certificate validation on Universal Windows Platform.
  • Cryptography: Added custom X509 certificate validator for .NET Compact Framework with full SHA-2 support on all platforms.
  • Cryptography: Fixed parsing of 'Intended Usage' extension when 'Decipher Only' was specified.
  • Cryptography: Added static Create method to SHA256Managed/SHA384Managed/SHA512Managed classes on .NET Compact Framework.
  • Cryptography: ValidationResult.ErrorCode deprecated and replaced with NativeErrorCode.
  • Cryptography: Optimized memory usage in CMS/PKCS #7 (SingedData/EnvelopedData classes).
  • Cryptography: Added missing argument checks to CertificateIssuer methods.
  • Cryptography: Added support for Base64-encoded files with CRLF end-of-line sequences to CertificateChain.LoadP7b method.
  • Cryptography: Fixed HMAC calculation based on SHA-384 and SHA-512 on NET Compact Framework and Mono platforms.
  • Cryptography: Added Rebex.Security.Certificates.CertificateEngine class to make it possible to implement custom X509 chain building and validation engines.
  • Common: Added ConsoleLogWriter for Xamarin platforms.
  • Common: Added Rebex.TeeLogWriter class that makes it possible to log to multiple log writers.
  • Common: Added LocalItem.GetChecksum methods and related types.

2016-08-26 Version 2016 R2.2 #
(build number 6083)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Complete list of changes of version 2016 R2.2

  • SSH: Enhanced handling of errors in FingerprintCheck event handlers.
  • TLS/SSL: Fixed a rare issue in abbreviated TLS/SSL negotiation handling.
  • Cryptography: Added CheckCertificate/GetIssuingDistributionPoint methods to CertificateRevocationList class and ValidateRevocationList method to Certificate class.
  • Cryptography: Enhanced SHA-2 support check on .NET Compact Framework.
  • Cryptography: Fixed SHA-2 support in AsymmetricKeyAlgorithm.SignHash on Windows Server 2008 (and possibly other old platforms).
  • Common: Added workaround for broken FileStream.SetLength on some .NET Compact Framework platforms.

2016-07-28 Version 2016 R2.1 #
(build number 6054)

Maintenance release

This is a maintenance release with enhancements and fixes in the shared functionality.

Complete list of changes of version 2016 R2.1

  • Networking: Fixed ProxySocket.ToEndPoint to throw a more meaningful exception for entries with no IP addresses.
  • TLS/SSL: Fixed unreadable TLS debug log messages on Xamarin platforms.
  • TLS/SSL: Added workarounds for bugs in Microsoft Schannel implementation of DHE_RSA_* ciphers related to incorrect padding processing.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.SignHash (in 2016 R2, it falls back to RSAManaged without trying to use RSACryptoServiceProvider first).
  • Cryptography: Fixed CertificateIssuer.IssueRevocationList method that ignored signatureHashAlgorithm argument and always used SHA-1.
  • Common: FileLogWriter on Windows Store 8.x / Universal Windows Platform is now thread-safe.
  • Common: Fixed LocalItem(string) constructor on Windows Store 8.x / Universal Windows Platform.
  • Common: Added workaround for broken handling of surrogate pairs when converting to "iso-8859-1" using System.Text.Encoding on Mono 4.x.

2016-06-30 Version 2016 R2 #
(build number 6026)

Support for Xamarin June 2016 Update

June 2016 update of Xamarin.iOS/Xamarin.Android/Xamarin.Mac introduced a breaking change in Mono.Security API that broke compatibility with Rebex components. This issue has been solved in this release.

SHA-2 for all supported .NET Compact Framework platforms

SHA-1 is currently being deprecated (applies to X509 certificates, TLS/SSL and SSH), which poses a problem for legacy .NET Compact Framework platforms based on editions of Windows CE with no native SHA-2 support. To make solutions for these platforms compatible with current TLS/SSL and SSH serves, we added a custom implementation of SHA-2 for these legacy platforms.

Additional SSH host key algorithms

Support for 'x509v3-sign-dss', '' and '' host key algorithms has been added to SFTP, SCP, SSH and File Server components.

Complete list of changes of version 2016 R2

  • SFTP: Improved Disconnect method on .NET CF to make sure the connection is closed gracefully.
  • Networking: Increased default receive buffer size on Windows 8 and higher. Added related Proxy properties to make this configurable.
  • Proxy: ProxySocket object's Connect method now uses the timeout value specified by the Timeout property.
  • SSH: Added support for additional server authentication algorithms ('x509v3-sign-dss', '' and '').
  • SSH: Disabled hmac-sha96 SSH cipher in FIPS mode (it's not compliant).
  • SSH: Fixed error handling in queued background calls (mostly applies to session renegotiation).
  • SSH: Fixed renegotiation handling to allow renegotiation while authenticating.
  • SSH: Fixed DSA client certificate authentication.
  • SSH: Enhanced interactive authentication support to handle uppercase password prompts.
  • TLS/SSL: Enhanced SHA-2 support for .NET Compact Framework. SHA-256, SHA-384 and SHA-512 are now supported even on platforms with no native SHA-2 support.
  • TLS/SSL: Added Settings.SslSession property to allow resuming specific TLS/SSL sessions.
  • TLS/SSL: Fixed record layer 'protocol version' handling.
  • TLS/SSL: Enhanced Diffie-Hellman key exchange logging.
  • Cryptography: Fixed detection of native SHA-2 support in .NET Compact Framework version.
  • Cryptography: Added support for more variants of OpenSSL/OpenSSH (SSLeay) key files.
  • Cryptography: Fixed Certificate.Associate to work with DSA keys.
  • Cryptography: Added CrlNumber property to CertificateRevocationList object.
  • Cryptography: Added support for SHA-2 certificates to Certificate.VerifyHash in .NET 2.0 on Windows with FIPS-compliant mode enabled.
  • Cryptography: Certificate.LoadPfx and CertificateChain.LoadPfx methods now specify Exportable options by default (in addition to UserKeySet).
  • Cryptography: Added workaround for RSA implementations that reject rare signatures shorter than the key size.
  • Common: Enhanced SSPI error messages.
  • Common: Fixed LogWriterBase.Level default value.
  • Common: Fixed compatibility issue in Xamarin edition (caused by a breaking change in June 2016 update of Xamarin).

2016-02-10 Version 2016 R1.1 #
(build number 5885)

Experimental assemblies for Xamarin.Mac

Added experimental binaries of most Rebex components (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for Xamarin.Mac platforms. They are suitable for targeting Xamarin.Mac Mobile Framework and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

Experimental binaries of most Rebex components (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for the Xamarin.Mac platform are now available. They are suitable for targeting both Xamarin.Mac Mobile and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

This release includes several hotfixes.

Complete list of changes of version 2016 R1.1

  • SSH: Fixed seldom-used SshSession.Connect(string, int) method that was freezing since 2016 R1.
  • SSH: Added workaround for older version of Bitvise server that don't properly handle SSH channel closing.
  • SSH: Fixed handling of multi-line SSH banner messages.
  • SSH: Fixed a bug in SSH channel window size adjustment.
  • SSH: Fixed potential NullReferenceException error in SshSession.Dispose method.
  • TLS/SSL: Disabled any usage of MD5 in TLS 1.2 to prevent SLOTH attacks.

2016-01-11 Version 2016 R1 #
(build number 5855)

Experimental assemblies for Windows Store Apps

Experimental binaries of many Rebex components (SFTP, FTP/SSL, Time, ZIP, File Transfer Pack, Terminal Emulation) for "Windows 8 Store", "Windows 8.1 PCL", and "Windows Universal Platform" are now available. The are suitable for "Store Apps" targeting Windows 8.0, Windows 8.1, Windows Phone 8.1, Windows 10, Windows 10 Mobile and Windows 10 IoT. Visit Rebex Labs for additional information.

Mitigation of Logjam attacks

Check for minimum allowed Diffie-Hellman key size (1024 bits) has been added to SSH and TLS/SSL to mitigate Logjam attacks. The minimum value can be changes using Settings.SslMinimumDiffieHellmanKeySize or Settings.SshParameters.MinimumDiffieHellmanKeySize.

Server certificate authentication in SSH

Rebex SFTP, Terminal Emulation and File Server now support X509 certificate host key algorithm, making it possible to authenticate servers using a certificate instead of public key.

Complete list of changes of version 2016 R1

  • All: Added workaround for Xamarin.Android whose Dns.GetHostEntry resolves 'localhost' to device's external IP address.
  • All: Rebex assemblies are now signed with SHA-256 signatures in addition to legacy SHA-1 signatures.
  • SFTP: Enhanced error message reported by ChangeDirectory when trying to change into a non-existing directory.
  • Proxy: Fixed a bug in SOCKS4/SOCKS5 response reading code that triggered an infinite loop with buggy proxy servers.
  • Proxy: Enhanced DNS resolution error messages.
  • SSH: Enhanced interactive authentication support to make it possible to use AuthenticationRequest event to ask for username and password.
  • SSH: Enhanced rejected authentication logging and error reporting.
  • SSH: Fixed compatibility with old versions of OpenSSH (2 and 3).
  • SSH: Fixed a bug that could cause a deadlock in packet sending routine.
  • SSH: Added SshParameters.MinimumDiffieHellmanKeySize value (set to 1024 by default to mitigate Logjam attacks).
  • SSH: SshPrivateKey constructor's 'password' argument made optional.
  • SSH: No exception is thrown when the server aborts connection instead of closing it (unless a packet is being received).
  • SSH: Enhanced 'no common algorithms' error message.
  • SSH: Refactored SSH core to handle multi-thread scenarios more efficiently.
  • SSH: Added certificate-based constructor to SshPublicKey class.
  • SSH: Added support for certificate-based server authentication (using 'x509v3-sign-rsa algorithm').
  • SSH: Fixed misleading error message when user interactive authentication attempt is rejected.
  • SSH: Added support for one additional 'keyboard-interactive' authentication prompt ('Password for [user@server]:').
  • SSH: Added Settings.PostponeChannelClose option to enable workaround for servers that send channel data or exit code after the channel has been closed.
  • SSH: Added EnableSignaturePadding option that forces signature padding (workaround for SSH servers that got signature padding wrong).
  • SSH: Added logging of debug messages received from SSH server.
  • TLS/SSL: TLS 1.2 made compatible with Microsoft's implementation.
  • TLS/SSL: Fixed client certificate authentication in TLS 1.2.
  • TLS/SSL: Added Settings.SslMinimumDiffieHellmanKeySize value (set to 1024 by default to mitigate Logjam attacks).
  • TLS/SSL: Added reliable detection of SHA-2 certificate support.
  • Cryptography: Enhanced cryptographic provider initialization error message.
  • Cryptography: Added workaround for PuTTY keys with bad data at the end.
  • Common: Fixed multi-file operations to never modify input FileSet's BasePath.
  • Common: ThreadPool is now used to handle background operations instead of a custom implementation.
  • Common: Enhanced multithread operation support in log writers.

2015-08-24 Version 2015 R4.1 #
(build number 5715)

Fixed Xamarin mobile platform detection

Fixed platform detection code on Xamarin.iOS and Xamarin.Android.

Complete list of changes of version 2015 R4.1

  • All: Fixed platform detection on Xamarin.Android and Xamarin.iOS.
  • All: Version and platform added to assembly description.

2015-08-09 Version 2015 R4 #
(build number 5700)

Support for Windows 10, .NET Framework 4.6 and Visual Studio 2015

All Rebex components now ship with full support for Windows 10, .NET Framework 4.6 and Microsoft Visual Studio 2015. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Faster TLS/SSL and SSH negotiation on Xamarin.Android

Our SSH and TLS/SSL libraries now use Java-based Diffie-Hellman on Xamarin.Android, which substantially speeds up SSH and TLS/SSL negotiation when Diffie-Hellman algorithm is used.

Complete list of changes of version 2015 R4

  • All: Enhanced platform detection code.
  • SFTP: Fixed Sftp.AbortTransfer to support value type states.
  • SFTP: DownloadBufferSize, DownloadQueueLength, UploadBufferSize and UploadQueueLength added to Sftp.Settings.
  • SFTP: Added workaround for a bug in GlobalScape 7.1.x which sends erroneous empty data packets to the client.
  • SFTP: Fixed ObjectDisposedException that might have occured when an SSH channel has been closed in a certain way.
  • SCP: Fixed treatment of additional special characters in remote paths.
  • SSH: Added Settings.TryPasswordFirst and Settings.WaitForServerWelcomeMessage workarounds to Scp and Ssh.
  • SSH: Added support for message authentication algorithms based on SHA-2 on .NET Compact Framework (when supported natively).
  • SSH: Fixed NullReferenceException thrown by some SshSession properties (such as IsConnected) when not connected.
  • SSH: SHA-2 is now the preferred message authentication algorithm.
  • SSH: Added logging of SSH packet header data on decoding error.
  • SSH: Added support for larger SSH packets.
  • TLS/SSL: Unified status handling in ValidatingCertificate events and ICertificateVerifier interface.
  • TLS/SSL: Enhanced TLS/SSL version mismatch handling.
  • Cryptography: Fixed final empty block handling in Twofish/Blowfish/ArcTwo TransformFinalBlock with PKCS #7 padding.
  • Cryptography: SSH and TLS/SSL now use Java-based Diffie-Hellman objects on Xamarin.Android platform to speed up negotiation.
  • Common: Fixed end-of-line sequences in LogWriterBase, optimized FileLogWriter.
  • Common: Added workaround for broken ASN.1 time values with the second part of "60".

2015-04-15 Version 2015 R3.1 #
(build number 5584)

Complete list of changes of version 2015 R3.1

  • SSH: Disabled legacy "arcfour" SSH cipher by default.
  • SSH: Fixed a bug that caused an algorithm list set by Settings.SshParameters.SetEncryptionAlgorithms to be ignored in FIPS-compliant mode.

2015-04-08 Version 2015 R3 #
(build number 5577)

Maintenance release

This update brings several enhancements and bugfixes.

Complete list of changes of version 2015 R3

  • All: Fixed Version property of Ftp, Imap, Pop3, Scp, Sftp, Smtp and Ssh classes to return a proper version number. Changed Ftp.Version to a static propery to match the other objects.
  • SCP: Added missing Scp.Login(SshGssApiCredentials) method and related events.
  • SSH: Enhanced some authentication error messages.
  • TLS/SSL: Disabled ciphers based on RC4 to prevend Bar Mitzvah attack on TLS/SSL.
  • Cryptography: Enhanced weak signature algorithm detection during certificate validation on Xamarin.iOS.
  • Common: Connect methods no longer require FileIOPermission (used to determine the assembly version for a log).

2015-03-17 Version 2015 R2 #
(build number 5555)

Maintenance release

This update brings several enhancements and bugfixes.

Complete list of changes of version 2015 R2

  • SCP: Fixed escaping of round brackets in remote paths.
  • TLS/SSL: Added support for TLS 1.2.
  • TLS/SSL: Added support for AES ciphers with SHA-256 checksums.
  • TLS/SSL: Disabled legacy 'exportable' ciphers (by default) to prevent FREAK security exploit.
  • Cryptography: Added support for SSLeay private keys with AES-256-CBC encryption.
  • Cryptography: Fixed broken HashSize property in SHA-2 CSP on .NET Compact Framework.

2015-02-02 Version 2015 R1 #
(build number 5512)

Support for Xamarin Unified API

Added support for the new Unified API. This includes unified 32-bit and 64-bit platform support and makes it simple to share code between iOS and Mac.

Complete list of changes of version 2015 R1

  • All: Added support for Xamarin.iOS unified API.
  • SFTP: Added Sftp.Settings.LogChecksums option that makes it easily possible to log checksums of uploaded files.
  • SFTP: Fixed listing of root-level wildcard paths.
  • SFTP: Added Sftp.CreateSymlink method.

2014-12-18 Version 2014 R3 #
(build number 5466)

Legacy SSL 3.0 disabled by default in TLS/SSL-enabled components.

TLS 1.1 is now used by default in TLS/SSL-enabled components. Legacy SSL 3.0 support is disabled by default because it is no longer considered secure. Its use is strongly discouraged after disclosure of POODLE Attack.

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Complete list of changes of version 2014 R3

  • All: Added more overloads to asynchronous Connect and Login methods.
  • All: Removed legacy Connect methods and enumerations from Xamarin.iOS and Xamarin.Android version (should never have been there).
  • SFTP: Added workaround for Axway's strangely-behaved SSH_FXP_OPENDIR command.
  • SFTP: Added workaround for WS_FTP's problematic SSH_FXP_REALPATH command.
  • SFTP: Enhanced SFTP client to work nicely with Rebex File Server.
  • SSH: Enhanced SshPublicKey constructor to accept base64-encoded public key data.
  • SSH: Added workaround for wrong SSH_MSG_USERAUTH_PK_OK packet in Cisco SSH.
  • TLS/SSL: TLS 1.1 is now used by default in TLS/SSL-enabled components. Legacy SSL 3.0 support is disabled by default.
  • TLS/SSL: Added experimental support for AES and Twofish based anonymous ciphers.
  • Cryptography: Fixed SymmetricKeyAlgorithm.Padding for non-CBC modes.
  • Cryptography: Added support for base-64 encoded P7B certificate chains.
  • Cryptography: Changed padding of parameters exported by DSAManaged.ExportParameters to match DSACryptoServiceProvider.
  • Cryptography: Added AsymmetricKeyAlgorithm.PublicOnly property.
  • Cryptography: Added workaround for non-working HMACSHA256/384/512 on some FIPS-only systems.
  • Cryptography: Added CertificateExtension.EnhancedKeyUsage method Useful when constructing certificate requests using CertificateRequest object.
  • Cryptography: Fixed DiffieHellmanManaged.KeySize that sometimes reported shorter bit lengths.
  • Cryptography: Several new AsymmetricKeyAlgorithm-based methods added to Certificate and CertificationRequest.
  • Common: Added LocalItem.Attributes property.
  • Common: PKCS #12 key loading routines changed to not persist keys in Windows key storage by default.
  • Common: Added ConsoleLogWriter, a console-based log writer class.

2014-07-03 Version 2014 R2 #
(build number 5298)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Complete list of changes of version 2014 R2

  • All: Eliminated "Unknown heap type" warnings in Mono.
  • SFTP: Added Sftp.Settings.DisableRealPathWorkaround option to disable workaround for WS_FTP SSH_FXP_REALPATH bug.
  • SFTP: Added workaround for SFTP servers that report duplicate extensions.
  • Networking: Enhanced logging of failed certificate validation errors.
  • Proxy: Fixed ProxySocket's Connect method behavior with disabled timeout.
  • TLS/SSL: Enhanced TlsVersion and TlsCipherSuite parameters checking.
  • TLS/SSL: Fixed alert names in TlsException messages.
  • Cryptography: Added Load, Save and Generate methods to PrivateKeyInfo and PublicKeyInfo classes.
  • Cryptography: Enhanced CertificationRequest class to support request generating in addition to parsing.
  • Cryptography: Fixed behavior with disabled UseFipsAlgorithmOnly on FIPS-only systems.

2014-02-26 Version 2014 R1 #
(build number 5171)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Complete list of changes of version 2014 R1

  • All: Various small low-level optimizations.
  • SFTP: Added Sftp.Settings.TreatUnknownItemsAsFiles property (workaround for SFTP serves that return invalid item type values).
  • Networking: Added static NetworkSession.DefaultLogWriter property to make it easily possible to set a shared log writer for all Ftp/Sftp/Imap/Smtp/Pop3/Scp/Ssh/SshSession objects.
  • Proxy: Enhanced logging capabilities of ProxySocket class (Socket4/Socks5 proxies).
  • SSH: Added support for SHA-2 (SHA-256 and SHA-512) message authentication codes.
  • SSH: Enhanced CTR mode workaround for OpenSSH 4.x.
  • SSH: Fixed missing MAC algorithm ID in SshCipher.ToString().
  • SSH: Standard form of SSH_MSG_KEX_DH_GEX_REQUEST packets is used with recent OpenSSH servers instead of its legacy form.
  • TLS/SSL: Added new Certificate-based CertificateRequestHandler.CreateRequestHandler overloads.
  • Cryptography: Fixed a bug in MD5SHA1 signature validation on .NET Compact Framework.
  • Cryptography: Fixed AES CSP availability detection in FIPS-compliant mode.
  • Cryptography: Fixed sorting of PKCS #7 signature attributes.
  • Cryptography: Added support for AES-128-CBC SSLeay private keys.
  • Cryptography: Added workaround for certificates and keys in Base64-encoded format ending with a zero octet.
  • Common: Assemblies made more obfuscator-friendly.
  • Common: Fixed null value comparisons in FileSystemItemComparer.

2013-12-02 Version 2013 R3 #
(build number 5085)

Support for Xamarin.iOS and Xamarin.Android

Rebex components now support Xamarin.iOS and Xamarin.Android, making it possible to target iPad/iPhone and Android devices! (The only exception is the Terminal Emulation component whose TerminalControl object relies heavily on Windows Forms and is only available for Windows and Linux at the moment.)

Support for .NET Compact Framework 3.9

In addition to .NET CF 2.0 and 3.5, we now support .NET CF 3.9 as well. This makes it possible to target Windows Embedded Compact 2013, Microsoft's latest incarnation of Window CE.

Assemblies for every supported platform for all

With every purchase, you now get binaries for all supported platforms. Users with active support contract were upgraded for free. This will make it easy to embrace the new trends - we offer a single API that works with .NET, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

Support for Visual Studio 2013

All Rebex components now ship with full support for Microsoft Visual Studio 2013. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Complete list of changes of version 2013 R3

  • All: Xamarin.iOS and Xamarin.Android officially supported in all components except Rebex Terminal Emulation.
  • All: .NET Compact Framework 3.9 officially supported.
  • All: Visual Studio 2013 officially supported.
  • SFTP: SftpBatchTransferException made obsolete (use SftpException instead).
  • SFTP: Fixed timeout handling in Sftp.Connect method.
  • SFTP: Added Sftp.Settings.DisablePathNormalization option.
  • SFTP: Added Sftp.Setting.RecheckItemExistence option to verify remote item existence before using it.
  • SFTP: Fixed assignment of default reaction in response to a problem encountered during Upload/Download methods.
  • SCP: Upload and Download methods added to Scp object to replace PutFiles and GetFiles methods.
  • Networking: On Windows 8 and 8.1, larger TCP receive buffer size is used by default. The default value caused low transfer speeds in many cases with FTP and SFTP.
  • Networking: Added IsAuthenticated and IsConnected properties to NetworkSession (Ftp, Sftp, Scp, Imap, Smtp, Pop3, Ssh and SshSession objects).
  • Proxy: Added support for digest authentication to HTTP CONNECT proxies.
  • Proxy: Fixed ProxySocket.BeginSend and BeginReceived methods which used to fail in some scenarios.
  • SSH: Added support for additional formats to SshPublicKey/SshPrivateKey object's SavePublicKey method and SshPublicKey constructor.
  • SSH: Enhanced error checking to report a more meaningful error instead of "Invalid decoder state" in case of some connection failures.
  • SSH: Enhanced GSSAPI/Kerberos support to be compatible with OpenSSH.
  • SSH: Added Kerberos ticket delegation support.
  • SSH: Added GSSAPI/Kerberos support to .NET CF version of SSH core.
  • Cryptography: Changed Certificate.FindCertificates method not to include subordinate CAs in the search by default.
  • Cryptography: Fixed CertificateStore.Exists on non-Windows platforms.
  • Cryptography: Added workaround for opening certificate stores in .NET CF that don't exist yet.
  • Cryptography: Added workaround for problem with DSA certificate in .PFX importing code on Windows Embedded Compact 2013.
  • Cryptography: Added .NET CF support for Certificate.Associate(privateKey, permanentBind)
  • Cryptography: Added Certificate.GetAuthorityKeyIdentifier() method.
  • Cryptography: Changed SignerInfo and SignerInfo objects to use NULL parameters for hash algorithms (in order to match RSACryptoServiceProvider behavior).
  • Common: Added FileLogWriter.Path to replace FileLogWriter.Filename.
  • Common: Added LocalItem.ComputeCrc32() method.
  • Common: Signed and encrypted message parsing made more compatible with broken messages.

2013-08-20 Version 2013 R2 #
(build number 4981)

Maintenance release

This update adds support for IPv6 hostnames with zone IDs.

Complete list of changes of version 2013 R2

  • Networking: Added support for IPv6 hostnames with zone IDs.
  • TLS/SSL: Added workaround for MS FTP's TLS 1.1 bug in close_notify handling.

2013-07-29 Version 2013 R1 #
(build number 4959)

Official support for Mono

All Rebex components now officially support Mono, an open source, cross-platform, implementation of C# and the CLR that is binary compatible with Microsoft.NET. The same assemblies that work on Windows now work on Mono in Linux or Apple OS X as well.

Unified FTP and SFTP item comparers

Although FtpItemCollection and SftpItemCollection objects have been derived from a shared base class since the introduction of IFtp (a common interface for SFTP and FTP/SSL), a common base class for FtpItemComparer and SftpItemComparer has been missing. In this release, we added FileSystemItemComparer to fix this inconvenience.

Complete list of changes of version 2013 R1

  • All: Added support for Mono.
  • All: Fixed finalizers that used to call state-changed events in some cases.
  • SFTP: GetItems now returns links instead of resolved items.
  • SFTP: Sftp.Settings.RestoreDateTime now applies to PutFile and GetFile methods as well.
  • SFTP: Fixed handling of broken links when deleting.
  • SFTP: Added default error messages for SFTP v4 errors.
  • SFTP: Added Sftp.Settings.TimeComparisonGranularity property.
  • SFTP: Added Sftp.Setting.DisableFxpStatWorkaround property.
  • SFTP: Fixed FingerprintCheck, BannerReceived and AuthenticateRequest events in Sftp and Scp.
  • SFTP: Added Sftp.KeepAlive() method.
  • SFTP: Sftp.GetConnectionState() method made more reliable.
  • SFTP: When using TransferMethod.Move, only successfully transferred files are deleted.
  • SFTP: Fixed SftpItem.Name to return "/" instead of "" for the root folder.
  • SFTP: Fixed two event calls in file listing methods that did not use the proper synchronization context.
  • SFTP: GetList and GetInfo return a path in the Path property.
  • SFTP: Added support for restoring creation date/time on upload.
  • SFTP: Enhanced multi-file operation logging.
  • SFTP: Added FileSystemItemComparer to replace FtpItemComparer and SftpItemComparer.
  • SFTP: Multi-file operations fixed to work properly with '.'-based FileSets.
  • SFTP: Several options shared by Ftp and Sftp objects added to IFtpSettings.
  • SFTP: Fixed Delete("dir/.") that used to delete "dir" as well.
  • Proxy: Added support for HTTP CONNECT proxy communication logging.
  • SSH: Dispose and Disconnect methods added to SshSession object and Close method deprecated.
  • SSH: SshSession now throws exceptions with ConnectionClosed status on closed connections.
  • SSH: Fixed SshException.Data["ProtocolCode"] and .Data["ProtocolMessage"] values.
  • SSH: Added verbose logging of raw data during welcome message exchange.
  • SSH: Fixed FingerprintCheck, BannerReceived and AuthenticateRequest events in Ssh.
  • TLS/SSL: SslInsertEmptyFragments property added to SslSettings.
  • TLS/SSL: Fixed null TlsParameters.Certificate handling in server-side TlsSocket.
  • Cryptography: Added support for anyExtendedKeyUsage attribute (in X509 certificates).
  • Cryptography: Added DiffieHellmanCryptoServiceProvider class.
  • Cryptography: Added PrivateKeyFormat.RawPkcs8 format for PrivateKeyInfo.Save and PrivateKeyInfo.Encode methods.
  • Cryptography: RSAManaged.VerifyHash returns false on error.
  • Cryptography: Fixed ArcTwoTransform to treat EffectiveKeySize of 0 as "current KeySize".
  • Cryptography: HMAC fixed to use block length of 128 for algorithms with hashes larger than 256 bits.
  • Cryptography: Fixed certificate verification to better handle server certificate with missing common name (used to throw NullReferenceException).
  • Cryptography: Fixed handle leak in CertificateStore constructor.
  • Common: Enhanced workaround for Stream.Seek on .NET CF.
  • Common: FileLogWriter enhanced to log assembly version when opening log file.
  • Common: Added missing PublicKeyInfo() constructor.
  • Common: Added FileSet.ContainingDirectoriesIncluded option.
  • Common: Added workaround for instances of FileStream that return "[Unknown]" name.
  • Common: EncodingTools support IBM437 charset on all platforms.
  • Common: Added CertificateFindOptions.None.
  • Common: Added FileSystemItemCollection.UsePath property.

2012-11-12 Version 2012 R3 #
(build number 4700)

Official support for Visual Studio 2012

All Rebex components now ship with full support for Microsoft Visual Studio 2012. Samples and tutorials were updated for a new project file format. Older Visual Studio and .NET Framework versions are still supported too.

Task-based asynchronous methods

The major change is the addition of new Task-based asynchronous methods to .NET 4.0/4.5 variant of our components. This brings our API up-to-date with the current trends and makes it possible to utilize the new await keyword available in .NET 4.5 and Visual Studio 2012. Finally, asynchronous programming became easy and seamless. Check out some of the updated samples to see this in action!

Events now using SynchronizationContext

Previously, events raised by asynchronous methods were running in a background thread, making them hard to use in GUI applications. Now, events are raised using the SynchronizationContext captured when the asynchronous method was started, which basically means the events will run on application's GUI thread, making it possible to update application's controls directly from the event code.

Complete list of changes of version 2012 R3

  • All: Added .NET 4.x-style task-based asynchronous methods to objects previously using .NET 1.x-style Begin/End asynchronous pattern.
  • All: Asynchronous method events are raised using the current synchronization context for the asynchronous operation.
  • All: Added options to force the old-style event behavior (not using the current synchronization context).
  • All: Added Rebex.Legacy namespace to .NET 4.x builds to allow compiling code that uses old-style asynchronous methods.
  • All: Added official support for Visual Studio 2012.
  • SFTP: Added Sftp.Settings.RestoreDateTime property to make it possible to restore source date/time on target.
  • SFTP: Removed unused SftpBatchTransferOperation.FileDataBlockProcessed value.
  • SFTP: Changed Sftp.PutFile(..., string, long, long) behavior to truncate remote path when zero remote offset is specified (corresponds to Sftp.PutFile(..., string) behavior). Added Sftp.Settings.DisablePutFileZeroOffsetTruncate option to force old behavior.
  • SFTP: Fixed ActionOnExistingFiles.ResumeIfPossible behavior to skip existing files if already transferred.
  • SFTP: Multi-file operation events always report absolute paths.
  • SFTP: Enhanced source path checking in multi-file operations.
  • SFTP: Fixed argument checks in GetStream/GetUploadStream/GetDownloadStream methods.
  • SFTP: Added Rename value to ActionOnExistingFiles enum (used in Upload/Download methods).
  • SFTP: Events Traversing, TransferProgressChanged, DeleteProgressChanged and ProblemDetected added into Sftp to make it possible to get notified about significant actions and to be able to react to a problem in multi-file operations.
  • SCP: Added connected-check to Scp object methods.
  • SCP: Changed default SCP upload packet size from 32KB to 8KB (the former size was too big for some servers).
  • SCP: Added workaround for SCP in OpenSSH 4.x that doesn't accept quoted paths.
  • Networking: NetworkSessionException is now the base class for all network protocol exceptions.
  • Networking: Task-based asynchronous methods added to IFtp interface.
  • Networking: Removed several Socket.Available calls, resulting in higher speed and Windows Azure compatibility.
  • Networking: Events Traversing, TransferProgressChanged, DeleteProgressChanged and ProblemDetected added into IFtp to make it possible to get notified about significant actions and to be able to react to a problem in multi-file operations.
  • SSH: Better error message for unsuccessful keyboard-interactive fallback workaround.
  • SSH: Enhanced "Invalid decoder state" error reporting.
  • SSH: Added support for diffie-hellman-group-exchange-sha256 key exchange algorithm.
  • SSH: Added SshPublicKey class, SshSession.ServerKey property and FingerprintCheck.ServerKey property (to make it possible to determine server host key in addition to fingerprint).
  • TLS/SSL: Fixed a bug in server-side TLS/SSL that caused it to fail when session resuming was enabled.
  • TLS/SSL: Fixed TlsException serialization that failed for some errors.
  • TLS/SSL: Fixed a bug that caused problems with TLS/SSL in FIPS-only mode.
  • Cryptography: Fixed a bug in TransformFinalBlock method of Rebex.Security.Cryptography ciphers that caused interoperability issues with CryptoStream.
  • Cryptography: Fixed PKCS#7 padding check in built-in ciphers.
  • Cryptography: Added EncodingTools class that adds support for all the charsets needed on all platforms.
  • Cryptography: Added auto-detection of a bug in unpatched .NET 3.5's AesCryptoServiceProvider object.
  • Cryptography: Implicit ObjectIdentifier(string) constructor added.
  • Cryptography: Fixed CryptoHelper.CreateAlgorithm to return CSP version of SHA-2 hash algorithms when available.
  • Cryptography: Fixed CertificateFinder property behavior to keep old certificates if no certificates are found by the new finder.
  • Cryptography: Server certificate verification routine now allows certificates with '*' names to be used for '' in addition to '*'.
  • Cryptography: Fixed a bug in private key decryption routine which failed with keys encrypted with PKCS #12 key derivation algorithm.
  • Common: Fixed P/Invokes in NTLM/Kerberos code.
  • Common: AddRange method added to file item collections.
  • Common: FIPS 140-2 compliant mode enhancements.
  • Common: Fixed certificate validation issue on Windows XP and Windows Server 2003.
  • Common: Added Certificate.Thumbprint property.
  • Common: Fixed a bug in certificate chain building routine that caused it to ignore additional stores in some cases.

2012-06-11 Version 2012 R2 #
(build number 4546)

Client certificate authentication in SFTP & SSH

Although SFTP/SSH usually use password-based or public-key-based authentication, some servers support X509 client certificate authentication as well. Unfortunately, not all servers support this, and those which do use a variety of different protocol extensions to achieve it. In this release, we have added client certificate authentication compatible with VanDyke VShell server. If it doesn't work with your server, please let us know.

Complete list of changes of version 2012 R2

  • SFTP: Added support for POSIX rename ('' extension).
  • SFTP: Fixed a bug in Sftp.GetFiles which caused an ArgumentOutOfRangeException on some servers.
  • SFTP: SftpItem uses UTC time for range checks (previously there were problems with times close to 1970-01-01).
  • SFTP: Added Download/Upload(string, string) method overload.
  • SFTP: Added Sftp.GetItems(string, ...) methods.
  • Networking: UseLargeBuffers option added into IFtpSettings.
  • SSH: Added SshPrivateKey(AsymmetricAlgorithm) constructor that makes it possible to initialize it from RSACryptoServiceProvider/DSACryptoServiceProvider (useful for SmartCard-based keys).
  • SSH: Fixed wrong handling of large remote SSH channel window sizes (used by mod_sftp server).
  • SSH: Client certificate authentication added (compatible with VanDyke VShell server).
  • SSH: ZLIB support announced even when not preferred (without that, we were unable to connect to servers that refuse uncompressed sessions).
  • SSH: Fixed a bug that causes a misleading error to be reported on immediately-closed connections.
  • SSH: Added workaround for mod_sftp/0.9.7 which occasionally produces broken DSA signatures.
  • TLS/SSL: Fixed a misleading error message which was reported when certificate revocation status could not be checked.
  • TLS/SSL: When ProtocolVersion error occurs, data received prior to it is logged.
  • Cryptography: Fixed local/UTC time comparison in Certificate.IsTimeValid.
  • Cryptography: Added implicit conversion between Certificate object and X509Certificate/X509Certificate2 objects.
  • Cryptography: Enhanced compatibility with Mono on non-Windows platforms - Certificate validation now works!
  • Cryptography: Support for saving .PFX/.P12 files added to Certificate.Save method.
  • Cryptography: Added new overloads of Certificate.Associate that make it possible to permanently bind the private key to the certificate.
  • Cryptography: Added Certificate.FriendlyName property.
  • Cryptography: Fixed Certificate.SignHash method which used to fail on .NET 2.0 when an associated key was used for MD5SHA1 signature generation.
  • Cryptography: Fixed MD5Managed.HashSize property which used to return 0.
  • Cryptography: Certificate.HasPrivateKey code in .NET CF version changed to behave identically to .NET version.
  • Common: Added FileSet.Flatten option (makes it possible to ignore source directory structure and copy all files into single target directory).
  • Common: Enhanced error reporting of file-path-based methods.
  • Common: Added LocalItem and LocalItemCollection classes (used by FileSet.GetLocalItems method).

2012-03-01 Version 2012 R1 #
(build number 4444)

Components DLLs have been renamed

We found out that the DLL naming scheme we decided to use back in 2003 was no longer sustainable and decided to change it. Instead of Rebex.Net.Ssh.dll, Rebex.Net.SecureSocket.dll, Rebex.Net.ProxySocket.dll and Rebex.Security.dll, we now have Rebex.Common.dll and Rebex.Networking.dll. Most of the other DLLs were renamed as well during the process (Rebex.Net.Ftp.dll became Rebex.Ftp.dll, for example). We are sorry for any inconvenience this may have caused, but an alternative solution - introduction of a new DLL for shared functionality - would not be hassle-free either. Fortunately, in order to upgrade to the new version, most customers will only need to remove references to the old DLLs and add references to the new ones because the API is still backward-compatible.

New multi-file methods in Rebex SFTP and FTP/SSL

FTP/SSL and SFTP got several new methods: Upload, Download, Delete and GetItems. The first two are replacements for PutFiles/GetFiles (and support move operation in addition to copy), Delete makes it possible to delete multiple files (or even a directory tree) at once and GetItems makes it possible to retrieve a list of files for the whole directory tree in one call.

Common API for SFTP and FTP/SSL (experimental)

Lot of our customers have been asking for a common API capable of both SFTP and FTP/SSL. Even though Ftp and Sftp objects provide a very similar API, they are still two distinct classes and writing code that can use either of them was hard. Now, it got much better with the introduction of IFtp interface.

Faster Blowfish and Twofish algorithms for Rebex SFTP and Rebex SSH Shell

Bruce Schneier's Blowfish and Twofish symmetric encryption algorithms are a popular choice for SSH communication encryption. Although we have been already supporting both for a few years, we developed a new managed implementation that is substantially faster than the old one.

Complete list of changes of version 2012 R1

  • All: SecurityRuleSet.Level2 is used for .NET 4.0 binaries.
  • All: Added a Stream.Flush() call after each Stream.Seek() or Stream.Position call in .NET Compact Framework (workaround for .NET CF FileStream bug).
  • SFTP: Auto-resume capability added for PutFiles/GetFiles methods.
  • SFTP: Added workarounds for another SFTP server where SSH_FXP_STAT and SSH_FXP_REALPATH commands (used by many Rebex SFTP methods) don't always work (for aliased directories, for example).
  • SFTP: Added workaround for ChangeDirectory problems with WS_FTP server.
  • SFTP: OpenSSH on a Unix-like OS is now detected properly.
  • SFTP: Fixed a bug in PutFiles method that caused incorrect behavior when a root-based masked path was specified.
  • SFTP: Changing Sftp's or Scp's LogWriter now changes the underlying SshSession's LogWriter as well.
  • SFTP: Added SftpOptions.UseSmallPackets option that reportedly solves speed issues in some rare circumstances.
  • SFTP: It's now possible to call Sftp.Login again if it fails.
  • SFTP: Added TryPasswordFirst option to try "password" authentication first and "publickey" later (by default, the opposite order is used).
  • SFTP: New values related to Upload, Download, Delete and GetItems methods added to SftpBatchTransferOperation enum.
  • SFTP: String comparison methods use StringComparison.Ordinal.
  • SFTP: New Download, Upload, Delete and GetItems methods added to Sftp object (along with associated enums and classes).
  • SFTP: Added Sftp.Settings property that replaces and extends Sftp.Options.
  • SFTP: Sftp object implements IFtp interface to make it easier to write code which works with both FTP and SFTP.
  • SFTP: Multi-file operations optimized by omitting existence check of items found during the operation.
  • Networking: Socket.NoDelay is used by default in non-CF version of Rebex components.
  • SSH: Fixed error handling in SshSession.OpenTcpIpTunnel method that caused troubles when multiple channels were active at the same time.
  • SSH: SshChannel no longer attempts to adjust window size after the channel has been closed.
  • TLS/SSL: Fixed non-working TlsSocket.BeginSend and BeginReceive methods.
  • Cryptography: Certificate.Save and Certificate.SavePrivateKey methods added, along with a corresponding variant of Certificate.LoadDerWithKey.
  • Cryptography: PKCS #7 writer changed to use a more compatible variant of EncryptedContent in EncryptedContentInfo structure. This solves interoperability issues with Entrust CSP and signed messages.
  • Cryptography: Added ObjectIdentifier.ToArray(bool useDer) method.
  • Cryptography: CertificateChain.LoadP7b method added (used for loading .P7B certificate chains).
  • SSH Core: Added SshParameters.PreferredHostKeyAlgorithm property.
  • SSH Core: Added SshChannel.PassEnvironmentVariable method.
  • SSH Core: Fixed NullReferenceException during simultaneous channel close/read.
  • SSH Core: Fixed a deadlock that may have occured when using multiple SSH channels from multiple threads.
  • SSH Core: Fixed a race condition that may have occured when sending and reading from a single SSH channel at the same time.
  • SSH Core: Removed SshParameters.Options property because it was ignored and only present by mistake.
  • SSH Core: Added SshParameters.SetEncryptionAlgorithms method to specify exact list and order of allowed SSH ciphers. Corresponding GetEncryptionAlgorithms method added as well.
  • Cryptography: Faster Blowfish and Twofish algorithms.
  • Cryptography: SubjectPublicKeyInfo.Load method now supports binary keys.
  • Cryptography: Removed lots of CryptoApi dependencies from Certificate code.
  • Cryptography: 4096-bit DSA keys (used by some SSH servers) are no longer rejected.
  • Cryptography: Diffie-Hellman and DSA algorithms fall back to managed ModPow calculation on .NET CF with missing "Enhanced DSA and Diffie-Hellman" CSPs.
  • Cryptography: Added Certificate.Associate(PrivateKeyInfo) method.
  • Cryptography: Certificates associated with a private key using Associate method now support MD5SHA1 hash algorithm and suitable for TLS/SSL client certificate authentication.
  • Common: Fixed a bug in TraceLogWriter that caused an additional newline to be written at the end of each message.
  • Common: Added FileSystemItem and FileSystemItemCollection classes.
  • Common: Better readability in Verbose-level logs.
  • Common: Thread ID added to all log messages.

2011-03-09 Version 2.0.4086.0 #
(build number 4086)

Complete list of changes of version 2.0.4086.0

  • SSH Core: Added workaround for old SSH servers that miscalculate HMAC-SHA1 keys.
  • SSH Core: Added SshParameters.AuthenticationMethods to make it possible to only enable desired authentication methods.
  • SSH Core: SendEof method added to SshChannel to make it possible to achieve plink-like functionality.
  • SSH Core: Fixed a bug in SSH channel window size adjustment code which could cause a timeout on servers which send oversized packets.
  • SSH Core: Fixed a bug that prevented SSH key renegotiation requests from being processed, resulting in a timeout.
  • SSH Core: Abort flag checking messages removed from Debug log.

2011-02-11 Version 2.0.4060.0 #
(build number 4060)

Complete list of changes of version 2.0.4060.0

  • SFTP: Bandwidth throttling support in Rebex SFTP through Sftp object's MaxUploadSpeed/MaxDownloadSpeed properties.
  • SFTP: SetFileDateTime in SFTP v4 is now compatible with WS_FTP.
  • SFTP: Sftp object's AbortTransfer method now properly cancels operations that are just about to start as well.
  • SFTP: Added SftpItemComparer class to ease sorting of SftpItemCollection items.
  • SFTP: Added workarounds to Sftp.GetStream method SFTP servers that don't support the Append mode.
  • SFTP: BytesTotal and ProgressPercentage properties added to Sftp.TransferProgress event arguments.
  • SFTP: Added workarounds for several SFTP servers where SSH_FXP_STAT and SSH_FXP_REALPATH commands (used by many Rebex SFTP methods) don't always work (for aliased directories, for example).
  • SFTP: Sftp.PutFiles method (in ThrowExceptionOnLinks mode) correctly detects the links in Windows 7 which were not detected previously.
  • SFTP: Added a workaround for SFTP server that sent duplicate filenames in their listings.
  • SCP: GetFiles and PutFiles methods added to Scp object to make it possible to transfer multiple files or a whole directory tree in one call.
  • ProxySocket: Added a new ILogWriter implementation that logs all messages to .NET's System.Diagnostics.Trace.
  • Cryptography: Added a new overload of SshPrivateKey.Save to make it possible to save keys in SSLEay/OpenSSH format (in addition to PuTTY .ppk and PKCS #8 formats).
  • Cryptography: Added CertificateChain.Save method to save the chain in .p7b format.
  • Cryptography: Fixed a bug in DistinguishedName object that caused the elements of string representation of DNs to be reversed.
  • Cryptography: Added CryptoHelper.ForceManagedAes flag as a workaround to .NET's leaking AesCryptoServiceProvider.
  • SSH Core: AuthenticationRequest event added to make it possible to deal with all kinds of "keyboard-interactive" authentication prompts.
  • SSH Core: Fixed a possible race condition that might have occurred when using the same SshSession instance from multiple threads.
  • SSH Core: Enhanced automated "keyboard-interactive" authentication to support more variants of password prompt.
  • SSH Core: Fixed a bug in ZLIB decompression routines.
  • SSH Core: SshSession.Encoding property added.
  • SSH Core: Added SshOptions.WaitForServerWelcomeMessage option.
  • SSH Core: Updated SFTP to detect, read and skip unexpected malformed packets which used to throw a "Message with invalid length xxx was received." exception when trying to login.

2010-07-20 Version 2.0.3854.0 #
(build number 3854)

Complete list of changes of version 2.0.3854.0

  • SFTP: Added Sftp.GetStream method that makes it possible to open a readable/writable/seekable stream of a remote file.
  • SFTP: Sftp class inherits from NetworkSession base class that implements some common properties.
  • SFTP: Added SftpOption.UseReadWriteModeForDownloads.
  • SFTP: Added ProtocolVersion property to Sftp class.
  • SFTP: SftpItemCollection.GetEnumerator is now an implementation of IEnumerable<SftpItem>.
  • SFTP: Fixed a DateTime range check in SftpAttributes.Modified and .Created which was performed before the conversion to UTC.
  • SFTP: Better error handling in GetFiles/PutFiles methods.
  • SSH: Added support for aes*-ctr and 3des-ctr ciphers.
  • SSH Core: In FIPS-only mode, a CryptoAPI implementation of AES is used if available.
  • SSH Core: SshSession class inherits from NetworkSession base class that implements some common properties.
  • SSH Core: SshChannel.ExtendedDataReceived event added to make it possible to receive extended data.

2010-05-20 Version 2.0.3793.0 #
(build number 3793)

Complete list of changes of version 2.0.3793.0

  • All: Packages for .NET 4.0 and Visual Studio 2010 now available.
  • SFTP: Fixed a bug that caused "/" local path argument of PutFiles/GetFiles methods to be treated as current directory.
  • SFTP: Added Sftp.Bind and Scp.Bind method to make it possible to bind the SFTP or SCP object to existing SSH session.
  • SFTP: A full local path is passed in SftpBatchTransferProgressEventArgs.
  • SFTP: SftpTransferProgressEventArgs now contain RemotePath and LocalPath when available.
  • SFTP: SftpBatchTransferException is now serializable.
  • SFTP: Queued data packets are no longer written to the output stream after download operation has been aborted.
  • SSH Core: Added a workaround for a server that announces support for "password" authentication but requires "keyboard-interactive" instead.
  • SSH Core: Fixed a bug in ZLIB compression routines that caused compatibility problems with GlobalScape and BitVise servers when compression was enabled.
  • SSH Core: Fixed a bug that caused SSH session to hang if a broken (incomplete) SSH packet arrived (rare).

2010-03-11 Version 2.0.3723.0 #
(build number 3723)

Complete list of changes of version 2.0.3723.0

  • SFTP: A more meaningful exception is thrown when a directory path is passed to Sftp.GetFile method instead of file path.
  • SFTP: Added support for getting and setting file creating date (only works with servers that support SFTP v4).
  • SFTP: Fixed SSH_FXP_READ packet logging code that caused some packets not to appear in the communication log.
  • SFTP: Added a workaround for servers where SSH_FXP_STAT command doesn't work correctly on directories.
  • SFTP: Fixed a bug in GetFile method that caused it to hang if length was specified.
  • SFTP: Added SftpBatchTransferOptions.XCopy batch transfer mode. This is an alternative form of FtpBatchTransferOptions.Recursive that traverses all subdirectories but only transfers files that match the specified mask.
  • SFTP: Fixed PutFiles method to accept all kinds of root paths (such as "c:", "c:/", or "c:\" - previously, only "c:\." worked).
  • SFTP: SftpTransferProgressEventArgs.BytesPerSecond property added that contains the estimated current speed.
  • SFTP: HierarchyRetrieve events are no longer raised when only a single file is transferred.
  • SFTP: Added experimental SftpOptions.UseLargeBuffers to use larger internal buffers (doesn't seem to make substantial difference on most systems).
  • SFTP: Data-block-receiving routines optimized to write directly to the output stream without a round-trip through a temporary buffer.
  • SFTP: Fixed a bug that made it impossible to call Sftp.GetFiles method on a root directory.
  • SFTP: Sftp.TransferProgress event is called less often on high-speed connections now (several times per second is sufficient).
  • ProxySocket: The underscore character is now allowed in hostnames (this is non-standard, but used by Windows).
  • ProxySocket: FileLogWriter is capable of logging into a single file from multiple applications now.
  • ProxySocket: ProxySocket.Send behavior changed to always send all the data or fail.
  • Cryptography: Added Certificate.LoadDerWithKey method to make it possible to easily load certificates with private keys in external file (Unix-style).
  • Cryptography: Support for PKCS #7 EnvelopedData encrypted using RC2 with effective key length not equal to key data length.
  • Cryptography: Fixed a bug in EnvelopedData class that cause a NullReferenceException to be raised when unsupported encryption algorithm is encoutered.
  • Cryptography: Internal ModPow method optimized.
  • Cryptography: Key generation support removed from RSAManaged a DSAManaged. No part of any of our components ever used it at it was prohibitively slow anyway.
  • SSH Core: Added SshFingerprint.Compute and SshFingerprint.FromBase64String methods to make it possible to easily calculate a fingerprint of the supplied public key.
  • SSH Core: ZLIB compression is now switched off by default (caused problems with some servers).
  • SSH Core: Client KEX_INIT packet is sent without waiting for the server side one (this is the only proper behavior).
  • SSH Core: Added SshSession.KeepAlive method to make it possible to periodically "ping" the SSH connection to keep it working and detect failures.

2009-10-27 Version 2.0.3588.0 #
(build number 3588)

Complete list of changes of version 2.0.3588.0

  • SFTP: SFTP v4 support added.
  • SFTP: Fixed a bug in CreateDirectory/ChangeDirectory workaround for CoreFTP.
  • SFTP: Added workaround for ProFTPd's mod_sftpd SSH_FXP_REALPATH command that fails for newly created directories.
  • ProxySocket: Proxy object now has Encoding property that makes it possible to specify character set to be used for parsing server responses.
  • ProxySocket: ProxySocketException.ErrorCode property now returns HTTP and Socket4/Socks5 error codes when available.
  • ProxySocket: SspiAuthentication and GssApiProvider classes added that provide GSSAPI/SSPI functionality.
  • Cryptography: Certificate's CRL distribution point list can be accessed using GetCrlDistributionPoints method.
  • SSH Core: Fixed a bug in ArcFour cipher implementation that made it unusable.
  • SSH Core: Fixed a bug that caused an SSH welcome message to be parsed incorrectly when split accross multiple packets.
  • SSH Core: Added support for ZLIB transfer compression.

2009-07-15 Version 2.0.3484.0 #
(build number 3484)

Complete list of changes of version 2.0.3484.0

  • SSH: Fixed a bug in GSSAPI authentication that caused it to work improperly in 32bit .NET Framework.

2009-07-10 Version 2.0.3479.0 #
(build number 3479)

Complete list of changes of version 2.0.3479.0

  • SFTP: IEnumerable<T> support added to collections for .NET 2.0 and higher.
  • Cryptography: .PFX/P12 private key file loading support for Windows Mobile 5 and newer.
  • Cryptography: Added support for signatures based on SHA-2 (SHA-256, SHA-384 and SHA-512).
  • Cryptography: If .NET 3.5 is available, a new and much faster AES implementation is used instead of RijndaelManaged.
  • Cryptography: Behavior of certificate finders in CMS/PKCS #7 was enhanced - embedded certificates are always searched now.
  • SSH Core: Support for GSSAPI authentication (gssapi-with-mic) added. Kerberos (not on .NET CF) and NTLM mechanisms are supported. MS SSPI is used as an underlying authentication provider.
  • SSH Core: SshFingerprint class extended to support multiple hash algorithms.
  • SSH Core: Added BannerReceived event that ca be used to receive banner messages sent by the server.
  • SSH Core: Added FingerprintCheck event as an alternative way to check server fingerprint.
  • SSH Core: Support for authentication using both username/password and public key at the same time made compatible with Maverick SSHD server.

2009-05-20 Version 2.0.3428.0 #
(build number 3428)

Complete list of changes of version 2.0.3428.0

  • SFTP: Added support for transfer compression through a plugged-in library.
  • SFTP: Upload and download speed enhanced a lot using the pipelining approach.
  • SFTP: UTF-8 encoding is used by default for WS_FTP server.
  • SFTP: Upload and download buffer size changed from 32K to 28K because the original size resulted in two packets being sent.
  • SFTP: Fixed a misleading error message that occurs when both password and public key authentication is required by the server but the clients only supply one of the credentials.
  • SFTP: Added several workarounds for CoreFTP server's SFTP implementation that suffers from numerous bugs such as missing file attributes or half-working SSH_FXP_REALPATH command.
  • SFTP: Fixed a bug in GetFiles and PutFiles method that caused a wrong path to be used when a filename only was specified or when a root path was specified.
  • SCP: Compatibility enhancements in Scp object's PutFile method.
  • SCP: Added a workaround for Bitvise's SCP that closes the SCP channel too early.
  • SSH Core: Added FIPS 140-2 compliant mode that is automatically enabled on systems where only compliant algorithms are allowed.
  • SSH Core: Added a new exception status - PasswordChangeRequired - that is used when a password change is required before authentication can be successfully completed.

2009-02-14 Version 2.0.3333.0 #
(build number 3333)

Complete list of changes of version 2.0.3333.0

  • SFTP: Detection of GlobalScape server enhanced to properly detect more versions.
  • SCP: Scp.Logger renamed to Scp.LogWriter to match the other objects including Sftp.
  • SCP: Fixed improper handling of the first success response.
  • ProxySocket: Fixed a bug in Socks4/Socks5 proxy code that made it impossible to use FTP in active mode with these proxies.
  • Cryptography: CertificateStore.FindCertificate overloads that accept DistinguishedName now search for certificates signed by intermediate CAs as well.
  • Cryptography: Enhanced treatment of empty passwords in the PFX loader.
  • Cryptography: Certificates with SubjectAlternativeName extension marked as critical are now treated as not having any e-mail address assigned to them if no e-mail address is found in the extension data.
  • Cryptography: Fixed a bug in DiffeHellmanManaged.ImportParameters method that made it impossible to import key with all parameters filled.
  • SSH Core: Banner message is now logged when using the LogWriter functionality.
  • SSH Core: Added workaround for badly-formed DSA signature produced by SSH Secure Shell 3.1.0 (and possibly other versions).
  • SSH Core: Added a workaround to the Compact Framework version for VanDyke VShell server that sends primes that are one bit longer than expected.

2009-01-12 Version 2.0.3300.0 #
(build number 3300)

Complete list of changes of version 2.0.3300.0

  • SFTP: Added PutFiles and GetFiles method to make it possible to transfer multiple files easily by transferring a whole directory tree or use wildcards.
  • SFTP: Setting ServerType property to Unix now causes '\' not to be treated as a directory separator for the remote server.
  • SFTP: A better exception is now thrown by a method that has been terminated by calling Dispose from another thread.
  • SFTP: Packages for .NET Compact Framework 3.5 added.
  • SFTP: Asynchronous operations now use a thread pool.
  • SFTP: Asynchronous method threads are now named.
  • SCP: Added Scp class to make it possible to transfer files using the legacy SCP protocol.
  • Cryptography: Added support for reading and setting private key comment.
  • Cryptography: Added RootCertificate and LeafCertificate properties to CertificateChain class.
  • Cryptography: Added GetCommonName method to DistinguishedName class.
  • Cryptography: Added IEnumerator support to CertificateChain.
  • Cryptography: Added Equals method to DistinguishedName class.
  • Cryptography: Fixed a bug in OID decoding routine that cased it to occasionally hang on broken input data.
  • Cryptography: Added new Certificate.LoadPfx to make it possible to load keys into machine store.
  • Cryptography: Fixed a problem in Certificate.Decrypt method that made the decryption fail with some rare certificates.
  • Cryptography: Added Certificate.Associate method to make it possible to associate a RSA/DSA crypto service provider with access to a private key with a certificate.
  • SSH Core: Added support for saving PuTTY private keys.
  • SSH Core: Added ChangePassword method to SshSession class to make it possible to change user password.
  • SSH Core: Added support for servers that don't require a password.
  • SSH Core: Fixed a bug in SshSession that caused problems when multiple channels through the same SSH session were used at the same time.

2008-07-23 Version 1.5.3127.0 #
(build number 3127)

Complete list of changes of version 1.5.3127.0

  • SFTP: GetList, GetRawList and GetNameList enhanced to support wildcards. However, they are processed at the client side because SFTP can't do that at the protocol level.
  • SSH Core: Fixed a problem in RSA private key reader that caused an error with some keys.
  • SSH Core: Enhanced packet reader to support oversized SSH packets.

2008-06-14 Version 1.5.3087.0 #
(build number 3087)

Complete list of changes of version 1.5.3087.0

  • ProxySocket: New ISocket interface to make it possible to easily implement custom transport layers.
  • ProxySocket: Fixed an unhandled exception that occured during a failed connection to a proxy specified by an IP address.
  • SFTP: Enhanced initial folder detection to be compatible with more servers.
  • SFTP: Added detection for FTP and SSL servers that are often mistaken with SFTP to produce better exception messages.
  • SFTP: Fixed incorrect ChangeDirectory method behavior with empty path argument.
  • SFTP: Fixed a problem that caused SftpException.Status property to have a incorrect value in some cases.
  • SFTP: Added hostname validity checking to Connect method.
  • SFTP: Added experimental support for CR/CRLF conversion of text files.
  • SSH: Fixed an internal static method that was not thread safe.
  • SSH: PuTTY keys with no password are now supported as well (previously, only PuTTY keys with passwords worked).
  • SSH: Added SSH tunneling capabilities.

2007-12-06 Version 1.5.2896.0 #
(build number 2896)

Complete list of changes of version 1.5.2896.0

  • All: Packages for .NET 3.5 and Visual Studio 2008 now available.

2007-11-11 Version 1.5.2871.0 #
(build number 2871)

Complete list of changes of version 1.5.2871.0

  • SFTP: Fixed a bug in GetInfo and GetFileLength methods that caused an invalid length to be reported for files larger than 4GB.
  • SSH: Changed the authentication routine to be compatible with servers that require a banner message to be sent to the client.
  • SSH: Fixed a bug in block receiving code that occured when a block of certain invalid length was received.
  • SSH: Added support for loading PuTTY private keys.
  • Cryptography: Added support for loading PuTTY private keys.

2007-08-30 Version 1.5.2800.0 #
(build number 2800)

Complete list of changes of version 1.5.2800.0

  • SFTP: Default command and response encoding changed to Encoding.Default instead of standard UTF-8, because a survey of SFTP servers showed that none of them in fact uses UTF-8.
  • SFTP: Added support for authentication using both username/password and public key at the same time.
  • SSH: Added support for Blowfish and Twofish ciphers.
  • SSH: Added support for authentication using both username/password and public key at the same time.
  • Cryptography: Added support for Blowfish and Twofish ciphers.
  • Cryptography: Added new CertificateIssuer class for certificate creation.
  • Cryptography: Added new CertificateChain-based certificate finder.
  • Cryptography: Certificate revocation list is now available in EnvelopedData and SignedData classes.
  • Cryptography: When the CertificateFinder property is changed in EnvelopedData and SignedData Certificate, the new finder is now immediately used to find any missing certificates.
  • Cryptography: Several serialization bugs in EnvelopedData and SignedData classes were fixed.
  • Cryptography: Certificate class has a new Extensions property that makes the extension collection accessible.
  • Cryptography: Various other changes that do not affect the FTP protocol.

2007-05-24 Version 1.5.2700.0 #
(build number 2700)

Complete list of changes of version 1.5.2700.0

  • SFTP: Added ListItemReceived event. This makes it possible to display the list items as they are received, to filter them or to abort the transfer based on previously received items.
  • SFTP: Response receive buffer enlarged to support messages that are slightly over the maximum allowed length, and better error reporting for those that are too large.
  • SFTP: Added another workaround for WeOnlyDo's wodFTPD (FreeFtpD) server that is unable to report the correct file datetime if the local and remote time zones are not the same.
  • Cryptography: CertificateFinder can now be changed even after an EnvelopedData or SignedData has been loaded.

2007-04-20 Version 1.3.2666.0 #
(build number 2666)

Complete list of changes of version 1.3.2666.0

  • SFTP: Added SetFileDateTime method.
  • SFTP: Added FileExists and DirectoryExists methods.
  • SFTP: Added workaround to GetInfo method for WeOnlyDo SFTP server that reports missing files as access denied.
  • SFTP: GetConnectionState no longer fails on disconnected objects.
  • SFTP: Added GetUploadStream and GetDownloadStream methods for stream-based remote file access.
  • SSH: Client no longer announces key exchange and encryption methods that are not supported on its current platform.
  • SSH: Speed drop caused by ineffective data receiving loop was fixed.
  • SSH: Fixed a bug that caused any extra key-exchange to fall.

2007-03-06 Version 1.0.2621.0 #
(build number 2621)

Complete list of changes of version 1.0.2621.0

  • SFTP: IPv6 support with .NET Framework 1.1/2.0/3.0 and .NET Compact Framework 2.0.
  • SSH: Fingerprint property added to SshPrivateKey class.

2007-01-11 Version 1.0.2567.0 #
(build number 2567)

Complete list of changes of version 1.0.2567.0

  • Cryptography: Added PrivateKeyInfo class and an ability to load and save private keys.
  • Cryptography: Fixed a bug in DSAManaged class that made impossible to use keys of some sizes.
  • Cryptography: Random big integer generator optimized.
  • Cryptography: Several typos in documentation fixed.
  • SFTP: Added support for RSA and DSA public key authentication.
  • SFTP: Added workaround for ShellFTP server that has a bad habit of dropping SSH sessions after the SFTP session is closed.
  • SSH: Added support for RSA and DSA public key authentication.
  • SSH: Added support for Diffie-Hellman Group Exchange authentication (RFC 4419).
  • SSH: Fixed a bug that caused Timeout value to be ignored when waiting for the server's initial message.
  • SSH: SshFingerprint class made serializable.

2006-12-12 Version 1.0.2537.0 #
(build number 2537)

Complete list of changes of version 1.0.2537.0

  • SFTP: Initial public release.