More .NET components

Release notes for Rebex File Server for .NET

2017-09-08 Version 2017 R5 #
(build number 6461)

New fully supported platforms: .NET Core 1.1 and 2.0 on Windows

This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.

Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)

All Rebex components support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x) is still experimental.

Complete list of changes of version 2017 R5

  • All: Added support for .NET Core 1.1 and 2.0 on Windows.
  • File Server: Fixed unwanted pseudo-link persistence in MountCapableFileSystemProvider.
  • File Server: Fixed a possible temporary deadlock in SFTP subsystem triggered when channel's receive buffers on both client and server got full at the same time.
  • Proxy: Added support for "http://" URLs in Proxy.Host.
  • Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
  • Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
  • Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
  • Cryptography: Enhanced logging of some SSPI errors.
  • Cryptography: Added workaround for invalid or empty HTTP header names.
  • Cryptography: Fixed handling of HTTP paths with double-slash ('//').
  • Common: Enabled SHA-2 support workaround for legacy RSA providers.
  • Common: Using custom IBM 437 encoding on .NET Compact Framework.

2017-08-04 Version 2017 R4.1 #
(build number 6426)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds in the shared functionality.

Complete list of changes of version 2017 R4.1

  • Cryptography: Enhanced RSAES-OAEP support.
  • Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
  • Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).

2017-06-30 Version 2017 R4 #
(build number 6391)

Custom file system support

Rebex File Server now features a rich custom file system provider API. This can be used to implement virtual file systems, or custom file systems that store data in a database, in the cloud, or elsewhere. Additionally, the built-in mount-capable virtual file system provider makes it possible to construct virtual file systems composed from multiple unrelated providers.

Support for CNG Key Storage Providers

Rebex Certificate class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage Providers.

Complete list of changes of version 2017 R4

  • All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
  • All: Lots of improvements in experimental .NET Core / .NET Standard edition.
  • File Server: Added Rebex.FileSystem assembly with support for custom file system providers.
  • File Server: Added GetInputStream/GetOutputStream/GetErrorStream methods to SshConsole. This makes it possible to implement advanced custom commands.
  • File Server: Added Unix-like 'cp' (copy) command to virtual shell.
  • File Server: Enhanced handling of ShellCommand event handler errors.
  • File Server: Added DisconnectedEventArgs.User property.
  • File Server: Implemented IDisposable in FileServer/Server classes.
  • File Server: Enhanced logging of info requests for non-existent items.
  • File Server: Added ServerSession.GetCurrent() static method.
  • File Server: Added FileServer.Settings.GetItemInfoRequiresListPermission option to make it possible to specify whether item info retrieval requires List permission or Read permission.
  • File Server: Enhanced handling of failed channel requests.
  • File Server: Virtual root accessibility is checked before initializing the SFTP subsystem now.
  • File Server: Added workaround for wrong error code reported as last error when deleting non-existent file.
  • SSH: Added SshParameters.CompressionLevel option to make it possible to specify the desired compression level for SSH.
  • SSH: Deprecated SshPrivateKey.CreateSignature, VerifySignature and an old variant of the SshPrivateKey.Save method.
  • SSH: Added SshPublicKey.GetPublicKeyInfo() method.
  • Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
  • Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
  • Cryptography: Added Certificate.GetPublicKeyInfo() method.
  • Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
  • Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
  • Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
  • Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.

2017-05-09 Version 2017 R3 #
(build number 6339)

NuGet packages

Rebex components just got official NuGet packages!

If you have an active subscription, you will get NuGet packages as part of Rebex components. These are supposed to be added to your private NuGet repository.

Rebex packages are available at as well.

Experimental support for .NET Standard 1.5 and NET Core

This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex components.

In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex components can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.

Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.

Support for .NET Framework 4.7

.NET Framework 4.7 is a fully supported platform.

Complete list of changes of version 2017 R3

  • All: Added NuGet packages.
  • All: Added experimental support for .NET Core and .NET Standard 1.5.
  • All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
  • All: Added support for .NET Framework 4.7.
  • File Server: Fixed unreadable packet names in some exception messages.
  • File Server: Added support for single quotes in virtual shell.
  • Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
  • Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
  • Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
  • Common: Fixed incorrect handling of CNG RSA keys.

2017-03-22 Version 2017 R2 #
(build number 6291)

SSH client authentication using RSA with SHA-2

All Rebex components utilizing our SSH library now support client public/private key authentication based on RSA with SHA-2:

  • rsa-sha2-256
  • rsa-sha2-256

Support for Visual Studio 2017

All Rebex components are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Minor ISocket API changes

Legacy parts of ISocket interface were moved into ISocketExt interface. If you implemented a custom transport layer using the ISocket API, make sure to implement ISocketExt instead when upgrading to this release.

Seldom-used static methods in CryptoHelper class were removed. If you need any of them, please let us know.

Complete list of changes of version 2017 R2

  • All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
  • File Server: Fixed an issue in renegotiation that caused connection failure in some scenarios.
  • File Server: Fixed incompatibilities in rsa-sha2-256/rsa-sha2-512 signature format.
  • File Server: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and '' algorithms.
  • Networking: Added logging of environment and platform information.
  • Networking: Enhanced target address logging when connecting.
  • Networking: HTTP core provides better inner exceptions on errors.
  • Networking: Legacy members of custom transport layer API moved from ISocket to ISocketExt.
  • Proxy: Fixed ProxySocket.Connect(...) on Mono 2.10.
  • SSH: Enhanced cipher mismatch error reporting during SSH negotiation to produce informative error messages.
  • SSH: Added GetSupportedMacAlgorithms/GetSupportedEncryptionAlgorithms/GetSupportedKeyExchangeAlgorithms static methods to SshParameters.
  • SSH: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and '' algorithms.
  • SSH: Added OpenSSH-style fingerprint support to SshFingerprint class.
  • SSL: Added support for Elliptic Curve DSA to TLS 1.2/1.1/1.0.
  • SSL: Fixed unexpected connection closure handling in TlsSocket.
  • SSL: Fixed handling of Timeout value in TlsSocket.Receive.
  • Cryptography: Added support for Elliptic Curve DSA to Certificate/CertificateChain/CertificateIssuer classes.
  • Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
  • Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
  • Cryptography: Removed seldom-used static methods from CryptoHelper.
  • Cryptography: CertificateIssuer class made available on .NET Compact Framework.
  • Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
  • Cryptography: Enhanced CertificateIssuer API.
  • Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
  • Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
  • Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.

2017-02-08 Version 2017 R1 #
(build number 6249)

Support for the new OpenSSH key format

Our SSH based components can now save private keys using the new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).

Complete list of changes of version 2017 R1

  • File Server: Added FileServer.Settings.ReceiveBufferSize and SendBufferSize properties.
  • File Server: Fixed handling of several control characters in virtual shell.
  • Networking: Added workaround for a breaking change in Exception.Data on recent Xamarin.iOS.
  • Networking: TlsSocket.Timeout modifies the underlying ISocket.Timeout as well now.
  • Networking: Slightly enhanced certificate rejection reason reporting in TLS.
  • Proxy: Enhanced ProxySocket connection initialization.
  • SSH: Added support for saving private keys in new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).
  • SSH: Added support for "rsa-sha2-256" and "rsa-sha2-512" host key algorithms.
  • SSH: Added support for "diffie-hellman-group14-sha256", "diffie-hellman-group15-sha512" and "diffie-hellman-group16-sha512" key exchange algorithms.
  • SSL: Added support for Renegotiation Indication Extension (RFC 5746).
  • SSL: Preferred TLS/SSL ciphers can be now defined (using TlsParameters.SetPreferredSuites method).
  • SSL: Added check for private key accessibility when starting server-side TLS.
  • Cryptography: Added support for ValidationOptions.UseCacheOnly on .NET CF.
  • Cryptography: Substantially optimized CRL parsing code used by enhanced certificate validator on .NET Compact Framework.

2016-12-19 Version 2016 R3 #
(build number 6198)

Elliptic curve cryptography in SSH

All Rebex components utilizing our SSH library now support SSH key exchange algorithms based on Elliptic Curve Diffie-Hellman (ECDH) algorithm and SSH host key algorithms based on Elliptic Curve DSA (ECDSA) and Edwards-curve DSA (EdDSA) algorithms:

  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519

Please note that external plugins might be needed for some of those algorithms or curves on some platforms.

New OpenSSH key format support

SshPrivateKey and PrivateKeyInfo objects can read server and client keys utilizing the new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header). This format is usually used to store ED25519 or ECDSA keys.

Fine-tuning enabled ciphers in SSH

Previously, SshParameters only made it possible to enable/disable groups of ciphers. Now, it's possible to fine-tune the list of supported algorithms, including their preferred order (client-side only) using SetKeyExchangeAlgorithms, SetHostKeyAlgorithms, SetEncryptionAlgorithms and SetMacAlgorithms methods. Please note that KeyExchangeAlgorithms, HostKeyAlgorithms, EncryptionAlgorithms and MacAlgorithms properties still apply - a cipher is only used when it is enabled by both the method and property.

Disabled weak algorithms in SSH

Several legacy ciphers are now disabled by default: diffie-hellman-group1-sha1, blowfish-ctr, blowfish-cbc, arcfour256, arcfour128, arcfour. Use SshParameters.KeyExchangeAlgorithms and SshParameters.EncryptionAlgorithms to enable them.

Weak RSA server host keys shorter than 1024 bits are now rejected by default. Use SshParameters.MinimumRsaKeySize property to specify a custom key size.

Complete list of changes of version 2016 R3

  • File Server: Renamed FileServerUser constructor's physicalRootPath argument to virtualRootPath.
  • File Server: Added support for "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521" and "" key exchange algorithms (plugins needed to enable them).
  • File Server: Proper maximum packet size used when sending channel data (instead of hardcoded value).
  • File Server: Fixed rename operation that used to fail for directories located in the physical disk's root directory.
  • File Server: Fixed a bug that could cause timeout and session failure during SSH session renegotiation.
  • File Server: Added support for "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521" and "ssh-ed25519" host key algorithms (plugins might be needed on some platforms).
  • File Server: Both RSA and DSA certificates can be used as host key at the same time.
  • Networking: Enhanced and optimized HTTP/HTTPS client core.
  • Networking: Connect/Listen methods on ProxySocket/TlsSocket objects now throw an exception when called twice on the same socket.
  • Networking: Added SocketInformation constructor.
  • SSH: Added support for "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521" and "" key exchange algorithms (plugins might be needed on some platforms).
  • SSH: Added support for saving keys in new OpenSSH key format (Base64-encoded keys with "BEGIN OPENSSH PRIVATE KEY" header).
  • SSH: Added SetKeyExchangeAlgorithms, SetHostKeyAlgorithms, SetMacAlgorithms methods to SshParameters object to make it possible to fine-tune the list of enabled SSH ciphers.
  • SSH: Legacy Diffie-Hellman group exchange is only used with legacy SSH servers.
  • SSH: Added SshSession.ServerInfo property to make it possible to determine ciphers supported by the SSH server.
  • SSH: Added SshPublicKey.KeySize property.
  • SSH: Added SshParameters.MinimumRsaKeySize property specifying to connect only to SSH servers with RSA server key of given size or higher.
  • SSH: Added support for "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521" and "ssh-ed25519" host key algorithms (plugins might be needed on some platforms).
  • SSH: Disabled weak SSH ciphers by default (they can still be enabled explicitly).
  • SSH: Check availability of associated private key when adding a certificate-based server host key.
  • SSL: Added support for Elliptic-Curve based TLS ciphers (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA) with NIST P-256/P-384/P-521, Curve 25519 and Brainpool P256R1/P384R1/P512R1 curves. Plugins are needed for some of those.
  • SSL: Server name is now passed to TLS server during negotiation (use TlsParameters.CommonName to override it).
  • SSL: Fixed TlsCipherSuite.All to include all recently added cipher suites.
  • SSL: All legacy 'EXPORT1024' ciphers are now prohibited by default in addition to already-prohibited 'EXPORT' ciphers (unless AllowVulnerableSuites option is enabled).
  • SSL: Fixed issues with some legacy TLS/SSL ciphers (all of them were already disabled by default).
  • SSL: Enhanced error reporting in server-side TLS/SSL library.
  • Cryptography: Improved ASN.1 time node parser.
  • Cryptography: Added support for certificate validation on Universal Windows Platform.
  • Cryptography: Added custom X509 certificate validator for .NET Compact Framework with full SHA-2 support on all platforms.
  • Cryptography: Fixed parsing of 'Intended Usage' extension when 'Decipher Only' was specified.
  • Cryptography: Added static Create method to SHA256Managed/SHA384Managed/SHA512Managed classes on .NET Compact Framework.
  • Cryptography: ValidationResult.ErrorCode deprecated and replaced with NativeErrorCode.
  • Cryptography: Optimized memory usage in CMS/PKCS #7 (SingedData/EnvelopedData classes).
  • Cryptography: Added missing argument checks to CertificateIssuer methods.
  • Cryptography: Added support for Base64-encoded files with CRLF end-of-line sequences to CertificateChain.LoadP7b method.
  • Cryptography: Fixed HMAC calculation based on SHA-384 and SHA-512 on NET Compact Framework and Mono platforms.
  • Cryptography: Added Rebex.Security.Certificates.CertificateEngine class to make it possible to implement custom X509 chain building and validation engines.
  • Common: Added ConsoleLogWriter for Xamarin platforms.
  • Common: Added Rebex.TeeLogWriter class that makes it possible to log to multiple log writers.
  • Common: Added LocalItem.GetChecksum methods and related types.

2016-08-26 Version 2016 R2.2 #
(build number 6083)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Complete list of changes of version 2016 R2.2

  • File Server: Fixed FileUploaded/FileDownloaded events that used to be wrongly called on session failure.
  • SSH: Enhanced handling of errors in FingerprintCheck event handlers.
  • SSL: Fixed a rare issue in abbreviated TLS/SSL negotiation handling.
  • Cryptography: Added CheckCertificate/GetIssuingDistributionPoint methods to CertificateRevocationList class and ValidateRevocationList method to Certificate class.
  • Cryptography: Enhanced SHA-2 support check on .NET Compact Framework.
  • Cryptography: Fixed SHA-2 support in AsymmetricKeyAlgorithm.SignHash on Windows Server 2008 (and possibly other old platforms).
  • Common: Added workaround for broken FileStream.SetLength on some .NET Compact Framework platforms.

2016-07-28 Version 2016 R2.1 #
(build number 6054)

Fixed RSA-based session negotiation

In 2016 R2, File Server always attempted to use RSAManaged to create an RSA signature instead of using RSACryptoServiceProvider whenever possible.

Experimental support for Universal Windows Platform

Rebex File Server binaries for Universal Windows Platform are now available. Supported platforms include Windows 10, Windows 10 Mobile, Windows 10 IoT and possibly Xbox One.

Complete list of changes of version 2016 R2.1

  • File Server: Added FileServer.Settings.ShowHiddenItems option that makes it possible to show file system items with 'hidden' flag from directory listings.
  • File Server: Added experimental File Server binaries for Universal Windows Platform.
  • File Server: Added support for extremely verbose incoming packet logging (log level 0).
  • File Server: Fixed handling of connection protocol packets received during renegotiation.
  • Networking: Fixed ProxySocket.ToEndPoint to throw a more meaningful exception for entries with no IP addresses.
  • SSL: Fixed unreadable TLS debug log messages on Xamarin platforms.
  • SSL: Added workarounds for bugs in Microsoft Schannel implementation of DHE_RSA_* ciphers related to incorrect padding processing.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.SignHash (in 2016 R2, it falls back to RSAManaged without trying to use RSACryptoServiceProvider first).
  • Cryptography: Fixed CertificateIssuer.IssueRevocationList method that ignored signatureHashAlgorithm argument and always used SHA-1.
  • Common: FileLogWriter on Windows Store 8.x / Universal Windows Platform is now thread-safe.
  • Common: Fixed LocalItem(string) constructor on Windows Store 8.x / Universal Windows Platform.
  • Common: Added workaround for broken handling of surrogate pairs when converting to "iso-8859-1" using System.Text.Encoding on Mono 4.x.

2016-06-30 Version 2016 R2 #
(build number 6026)

Support for Xamarin June 2016 Update

June 2016 update of Xamarin.iOS/Xamarin.Android/Xamarin.Mac introduced a breaking change in Mono.Security API that broke compatibility with Rebex components. This issue has been solved in this release.

SHA-2 for all supported .NET Compact Framework platforms

SHA-1 is currently being deprecated (applies to X509 certificates, TLS/SSL and SSH), which poses a problem for legacy .NET Compact Framework platforms based on editions of Windows CE with no native SHA-2 support. To make solutions for these platforms compatible with current TLS/SSL and SSH serves, we added a custom implementation of SHA-2 for these legacy platforms.

Additional SSH host key algorithms

Support for 'x509v3-sign-dss', '' and '' host key algorithms has been added to SFTP, SCP, SSH and File Server components.

Complete list of changes of version 2016 R2

  • File Server: Enhanced error reporting when trying to delete non-empty directories.
  • File Server: Fixed data buffering in SFTP subsystem.
  • File Server: Ssh object now properly closes tunnel listeners when disposed.
  • File Server: Added MaxSessionTransferredBytes and MaxSessionDuration settings to specify when to trigger session renegotiation.
  • File Server: Added FileServer.Settings.UseLargeBuffers option.
  • File Server: Added support for additional server authentication algorithms ('x509v3-sign-dss', '' and '').
  • File Server: Fixed compatibility with Bitvise SSH Client related to text mode.
  • File Server: Fixed error handling in SSH tunnel starter.
  • File Server: Fixed possible NullReferenceException on connection failure.
  • File Server: Added ClientSoftwareIdentifier to PreAuthenticationEventArgs and AuthenticationEventArgs.
  • Networking: Increased default receive buffer size on Windows 8 and higher. Added related Proxy properties to make this configurable.
  • Proxy: ProxySocket object's Connect method now uses the timeout value specified by the Timeout property.
  • SSH: Added support for additional server authentication algorithms ('x509v3-sign-dss', '' and '').
  • SSH: Disabled hmac-sha96 SSH cipher in FIPS mode (it's not compliant).
  • SSH: Fixed error handling in queued background calls (mostly applies to session renegotiation).
  • SSH: Fixed renegotiation handling to allow renegotiation while authenticating.
  • SSH: Fixed DSA client certificate authentication.
  • SSH: Enhanced interactive authentication support to handle uppercase password prompts.
  • SSL: Enhanced SHA-2 support for .NET Compact Framework. SHA-256, SHA-384 and SHA-512 are now supported even on platforms with no native SHA-2 support.
  • SSL: Added Settings.SslSession property to allow resuming specific TLS/SSL sessions.
  • SSL: Fixed record layer 'protocol version' handling.
  • SSL: Enhanced Diffie-Hellman key exchange logging.
  • Cryptography: Fixed detection of native SHA-2 support in .NET Compact Framework version.
  • Cryptography: Added support for more variants of OpenSSL/OpenSSH (SSLeay) key files.
  • Cryptography: Fixed Certificate.Associate to work with DSA keys.
  • Cryptography: Added CrlNumber property to CertificateRevocationList object.
  • Cryptography: Added support for SHA-2 certificates to Certificate.VerifyHash in .NET 2.0 on Windows with FIPS-compliant mode enabled.
  • Cryptography: Certificate.LoadPfx and CertificateChain.LoadPfx methods now specify Exportable options by default (in addition to UserKeySet).
  • Cryptography: Added workaround for RSA implementations that reject rare signatures shorter than the key size.
  • Common: Enhanced SSPI error messages.
  • Common: Fixed LogWriterBase.Level default value.
  • Common: Fixed compatibility issue in Xamarin edition (caused by a breaking change in June 2016 update of Xamarin).

2016-02-10 Version 2016 R1.1 #
(build number 5885)

Experimental assemblies for Xamarin.Mac

Added experimental binaries of most Rebex components (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for Xamarin.Mac platforms. They are suitable for targeting Xamarin.Mac Mobile Framework and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

Experimental binaries of most Rebex components (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for the Xamarin.Mac platform are now available. They are suitable for targeting both Xamarin.Mac Mobile and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

This release includes several hotfixes.

Complete list of changes of version 2016 R1.1

  • SSH: Fixed seldom-used SshSession.Connect(string, int) method that was freezing since 2016 R1.
  • SSH: Added workaround for older version of Bitvise server that don't properly handle SSH channel closing.
  • SSH: Fixed handling of multi-line SSH banner messages.
  • SSH: Fixed a bug in SSH channel window size adjustment.
  • SSH: Fixed potential NullReferenceException error in SshSession.Dispose method.
  • SSL: Disabled any usage of MD5 in TLS 1.2 to prevent SLOTH attacks.

2016-01-11 Version 2016 R1 #
(build number 5855)

SSH tunneling (port forwarding)

Supports for outgoing SSH tunnels (port forwarding) was added.

Mitigation of Logjam attacks

Check for minimum allowed Diffie-Hellman key size (1024 bits) has been added to SSH and TLS/SSL to mitigate Logjam attacks. The minimum value can be changes using Settings.SslMinimumDiffieHellmanKeySize or Settings.SshParameters.MinimumDiffieHellmanKeySize.

File upload/download events in File Server

Added FileUploaded and FileDownloaded events to make it easier to track uploads and downloads.

Server certificate authentication in SSH

Rebex SFTP, Terminal Emulation and File Server now support X509 certificate host key algorithm, making it possible to authenticate servers using a certificate instead of public key.

Enhanced virtual shell support

File Server's virtual shell infrastructure offers Empty shell in addition to Scp shell. It provides no predefined commands (with the exception of exit), making it simple to provide a custom set of commands instead.

Complete list of changes of version 2016 R1

  • All: Added workaround for Xamarin.Android whose Dns.GetHostEntry resolves 'localhost' to device's external IP address.
  • All: Rebex assemblies are now signed with SHA-256 signatures in addition to legacy SHA-1 signatures.
  • File Server: Added port forwarding (TCP tunneling) support.
  • File Server: Enhanced logging of handle-based file system operations (such as closing a file).
  • File Server: IsRunning property added to Server/FileServer objects.
  • File Server: Added FileUploaded/FileDownloaded events.
  • File Server: Starting a server with no bindings now triggers an error.
  • File Server: Fixed wrong session ID in SFTP error log entries.
  • File Server: Fixed handling of empty folders on Windows CE.
  • File Server: Fixed bad P/Invoke declaration (applies to Windows platforms).
  • File Server: Enhanced error reporting in SFTP and SCP and fixed several wrong error codes.
  • File Server: Fixed file delete operation that used to report success when deleting non-existent file on non-Windows platforms.
  • File Server: Fixed compatibility issues with libssh2.
  • File Server: Added proper data window size checks.
  • File Server: Added workaround for wrong error code reported as last error when deleting non-existent file.
  • File Server: Added workaround for Open with Create+Read in .NET-based virtual file system.
  • File Server: Fixed Unbind method that occasionally triggered an error.
  • File Server: Added FileServerProtocol.Shell (replaces FileServerProtocol.Scp). Makes it possible to choose between SCP shell and empty shell when constructing a user object.
  • File Server: Enhanced error handling during initialization. Early closed connections no longer leave the server in an unusable state.
  • File Server: Added workaround for buggy (or malicious) clients that send incomplete disconnect requests.
  • File Server: Added logging of successful and failed authentication attempts.
  • File Server: Added workaround for Windows CE with missing Enhanced DSS and Diffie-Hellman Cryptographic Provider (managed and slow implementation of Diffie-Hellman is used in this case).
  • File Server: Fixed FileServer constructor (used to fail when default charset was multi-byte but not UTF-8).
  • File Server: Unified ShellCommandEventArgs.User and SshConsole.User types.
  • File Server: Added support for certificate-based server authentication (using 'x509v3-sign-rsa algorithm').
  • File Server: Enhanced key negotiation error logging.
  • File Server: Added workaround for Xamarin.Android where it was possible to open a non-existing directory.
  • Proxy: Fixed a bug in SOCKS4/SOCKS5 response reading code that triggered an infinite loop with buggy proxy servers.
  • Proxy: Enhanced DNS resolution error messages.
  • SSH: Enhanced interactive authentication support to make it possible to use AuthenticationRequest event to ask for username and password.
  • SSH: Enhanced rejected authentication logging and error reporting.
  • SSH: Added SshParameters.MinimumDiffieHellmanKeySize value (set to 1024 by default to mitigate Logjam attacks).
  • SSH: No exception is thrown when the server aborts connection instead of closing it (unless a packet is being received).
  • SSH: Enhanced 'no common algorithms' error message.
  • SSH: Refactored SSH core to handle multi-thread scenarios more efficiently.
  • SSH: Added certificate-based constructor to SshPublicKey class.
  • SSH: Added support for certificate-based server authentication (using 'x509v3-sign-rsa algorithm').
  • SSH: Fixed misleading error message when user interactive authentication attempt is rejected.
  • SSH: Added support for one additional 'keyboard-interactive' authentication prompt ('Password for [user@server]:').
  • SSH: Added Settings.PostponeChannelClose option to enable workaround for servers that send channel data or exit code after the channel has been closed.
  • SSH: Added EnableSignaturePadding option that forces signature padding (workaround for SSH servers that got signature padding wrong).
  • SSH: Added logging of debug messages received from SSH server.
  • SSL: TLS 1.2 made compatible with Microsoft's implementation.
  • SSL: Fixed client certificate authentication in TLS 1.2.
  • SSL: Added Settings.SslMinimumDiffieHellmanKeySize value (set to 1024 by default to mitigate Logjam attacks).
  • SSL: Added reliable detection of SHA-2 certificate support.
  • Cryptography: Enhanced cryptographic provider initialization error message.
  • Cryptography: Added workaround for PuTTY keys with bad data at the end.
  • Common: Fixed multi-file operations to never modify input FileSet's BasePath.
  • Common: ThreadPool is now used to handle background operations instead of a custom implementation.
  • Common: Enhanced multithread operation support in log writers.

2015-08-24 Version 2015 R4.1 #
(build number 5715)

Fixed Xamarin mobile platform detection

Fixed platform detection code on Xamarin.iOS and Xamarin.Android.

Complete list of changes of version 2015 R4.1

  • All: Fixed platform detection on Xamarin.Android and Xamarin.iOS.
  • All: Version and platform added to assembly description.

2015-08-09 Version 2015 R4 #
(build number 5700)

Support for Windows 10, .NET Framework 4.6 and Visual Studio 2015

All Rebex components now ship with full support for Windows 10, .NET Framework 4.6 and Microsoft Visual Studio 2015. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Faster TLS/SSL and SSH negotiation on Xamarin.Android

Our SSH and TLS/SSL libraries now use Java-based Diffie-Hellman on Xamarin.Android, which substantially speeds up SSH and TLS/SSL negotiation when Diffie-Hellman algorithm is used.

Complete list of changes of version 2015 R4

  • All: Enhanced platform detection code.
  • File Server: Added support for UNC paths.
  • File Server: Fixed issues with HMAC-SHA1 and HMAC-MD5 in FIPS-only mode.
  • File Server: Added support for message authentication algorithms based on SHA-2 on .NET Compact Framework (when supported natively).
  • File Server: Fixed handling of "empty" read requests (used to send back EOF instead of an empty block).
  • File Server: Enhanced subsystem shutdown process to prevent exception messages in the log.
  • File Server: LogLevel for SFTP filesystem errors lowered from Debug to Verbose.
  • SSH: Added support for message authentication algorithms based on SHA-2 on .NET Compact Framework (when supported natively).
  • SSH: Fixed NullReferenceException thrown by some SshSession properties (such as IsConnected) when not connected.
  • SSH: SHA-2 is now the preferred message authentication algorithm.
  • SSH: Added support for larger SSH packets.
  • SSL: Unified status handling in ValidatingCertificate events and ICertificateVerifier interface.
  • SSL: Enhanced TLS/SSL version mismatch handling.
  • Cryptography: Fixed final empty block handling in Twofish/Blowfish/ArcTwo TransformFinalBlock with PKCS #7 padding.
  • Cryptography: SSH and TLS/SSL now use Java-based Diffie-Hellman objects on Xamarin.Android platform to speed up negotiation.
  • Common: Fixed end-of-line sequences in LogWriterBase, optimized FileLogWriter.
  • Common: Added workaround for broken ASN.1 time values with the second part of "60".

2015-04-15 Version 2015 R3.1 #
(build number 5584)

File Server bugfixes

Two bugs have been fixed in Rebex File Server. One bug caused errors in WinSCP while uploading files over SFTP, another bug made it impossible to create files and directories whose names contained whitespaces when uploading over SCP.

Complete list of changes of version 2015 R3.1

  • File Server: Fixed SFTP file creation that was not compatible with WinSCP.
  • File Server: Fixed SSH packet names in verbose log.
  • File Server: Fixed handling of filenames with whitespaces in SCP.
  • File Server: Disabled legacy "arcfour" SSH cipher by default.
  • SSH: Disabled legacy "arcfour" SSH cipher by default.
  • SSH: Fixed a bug that caused an algorithm list set by Settings.SshParameters.SetEncryptionAlgorithms to be ignored in FIPS-compliant mode.

2015-04-08 Version 2015 R3 #
(build number 5577)

New component - Rebex File Server

Rebex File Server is an SFTP, SCP and SSH server library. It provides secure remote file system access over an SSH channel using the SFTP or SCP protocols and makes it simple create an SFTP server that can be used by Rebex SFTP or any third-party SFTP, SCP or SSH client. Supports .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android. Available as a standalone package or as a part of Rebex File Transfer Pack, Rebex SSH Pack or Rebex Total Pack.

Complete list of changes of version 2015 R3

  • All: Fixed Version property of Ftp, Imap, Pop3, Scp, Sftp, Smtp and Ssh classes to return a proper version number. Changed Ftp.Version to a static propery to match the other objects.
  • File Server: Initial release.
  • SSH: Enhanced some authentication error messages.
  • SSL: Disabled ciphers based on RC4 to prevend Bar Mitzvah attack on TLS/SSL.
  • Cryptography: Enhanced weak signature algorithm detection during certificate validation on Xamarin.iOS.
  • Common: Connect methods no longer require FileIOPermission (used to determine the assembly version for a log).