Release notes for Rebex HTTPS for .NET

2018-01-11 Version 2017 R6.3 #
(build number 6586)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Complete list of changes of version 2017 R6.3

  • Cryptography: Added support for RSAES-OAEP with input parameter (label).
  • Cryptography: Added support for RSAES-OAEP with mismatched hash algorithms.
  • Cryptography: Fixed initialization of EncryptionAlgorithm property in MailMessage.Recipients collection items.
  • Cryptography: Added support for RSASSA-PSS with mismatched hash algorithms.
  • Cryptography: Fixed CNG private key conversion workaround.

2017-12-21 Version 2017 R6.2 #
(build number 6565)

Faster AES on Windows

Rebex components now use Windows CNG for AES symmetric encryption algorithm when available. CNG implementation of AES is faster and takes advantage of AES-NI instructions.

On-the-fly data uploads

Our HttpRequest object now supports AllowWriteStreamBuffering and SendChunked properties, making it possible to upload large amounts of data to the server.

Fixed leaking of HTTP sessions

Unfortunately, Rebex HTTPS 2016 R6 introduced a bug in the HTTP session cache that caused sessions to never be reused.

Complete list of changes of version 2017 R6.2

  • HTTP: Added AllowWriteStreamBuffering and SendChunked properties, making it possible to perform on-the-fly uploads.
  • HTTP: Added HttpRequest.ContentLength in .NET Standard/.NET Core and Universal Windows Platform (UAP) editions.
  • HTTP: Enhanced platform info logging.
  • HTTP: Fixed HTTP session cache that ceased to work in 2017 R6, causing a memory leak.
  • HTTP: Fixed a bug in parsing of missing Content-Encoding values.
  • Proxy: ProxySocket constructor requires a connected socket now.
  • SSH: Added SshParameters.UseLegacyGroupExchange option to make it possible to force using legacy or standard form of SSH Diffie-Hellman group exchange packet.
  • TLS/SSL: Fixed handling of duplicate suites in ClientHello packets.
  • Cryptography: Added CertificateChain.LoadDer method to load a chain of Base64-encoded certificates.
  • Cryptography: Fast CNG implementation of AES (which takes advantage of AES-NI instructions) is used when available.
  • Cryptography: Added workaround for broken X509Certificate.GetPublicKey() on Mono 5.4.
  • Cryptography: Added a workaround for GPG's gpgsm utility that required some SignedData fields to be DER-encoded.

2017-11-20 Version 2017 R6.1 #
(build number 6534)

Native elliptic curve cryptography on Windows Embedded Compact 2013

Rebex components now utilize MS CNG API on .NET Compact Framework 3.9 / Windows Embedded Compact 2013, making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Maintenance release

This is a maintenance release with improvements, bugfixes or workarounds.

Complete list of changes of version 2017 R6.1

  • HTTP: Added WebClient.Encoding property to specify charset for string-based methods.
  • HTTP: Added DownloadProgressChanged/UploadProgressChanged events do WebClient class.
  • HTTP: Added HttpRequest.AutomaticDecompression property.
  • HTTP: Fixed handling of multiple headers with same header name in .NET Standard edition.
  • HTTP: HttpResponse.ContentLength returns -1 to indicate 'value not specified'.
  • HTTP: Fixed a bug in handling HttpRequest.Headers that could cause headers to be duplicated in some scenarios.
  • HTTP: Added null value check to HttpRequest.Headers setter.
  • HTTP: HttpResponse.ContentLength property is now set to -1 (not specified) when receiving automatically decompressed content.
  • HTTP: HttpResponse.GetResponseStream() handles unsupported Content-Encoding values now.
  • SSH: Added SshPublicKey.LoadPublicKeys method that supports loading OpenSSH's 'authorized_keys' files.
  • Cryptography: Enhanced custom CRL downloader for .NET Compact Framework to handle all 3xx redirect codes.
  • Cryptography: Enhanced Certificate.LoadDer to handle files with multiple certificates (loads the first one).
  • Cryptography: Enabled usage of MS CNG API in .NET Compact Framework 3.9 edition on Windows Embedded Compact 2013 when appropriate.
  • Cryptography: Fixed detection of AES/GCM support.
  • Cryptography: Fixed detection of native Brainpool and secp256k1 support.
  • Cryptography: Added 'params' to CertificateInfo.SetExtendedUsave/SetAlternativeHostnames methods.
  • Cryptography: Fixed null handling in CertificateInfo.MailAddress.
  • Cryptography: Fixed empty block processing in AES/GCM.
  • Common: Added workaround for broken Encoding.ASCII encoder on legacy Mono platforms.
  • Common: Enhanced SSPI error reporting.
  • Common: Fixed platform info in logs on macOS.

2017-10-25 Version 2017 R6 #
(build number 6508)

AES/GCM support in TLS/SSL on all platforms

We added support for TLS ciphers based on AES/GCM (AES in Galois/Counter Mode) symmetric encryption algorithm:

  • ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • DHE_RSA_WITH_AES_128_GCM_SHA256
  • DHE_RSA_WITH_AES_256_GCM_SHA384
  • DHE_DSS_WITH_AES_128_GCM_SHA256
  • DHE_DSS_WITH_AES_256_GCM_SHA384
  • RSA_WITH_AES_128_GCM_SHA256
  • RSA_WITH_AES_256_GCM_SHA384

These ciphers are available on all supported platforms including .NET 2.0/3.5 and .NET Compact Framework.

Complete list of changes of version 2017 R6

  • All: Added support for DSA key generation on .NET Core on Windows.
  • HTTP: Changed default User-Agent header value to "Rebex HTTPS". When HttpRequest.UserAgent is set to null, the header is not sent.
  • HTTP: Multi-value headers are sent as single comma-separated header.
  • HTTP: Proxy communication is now logged (using HttpRequestCreator.LogWriter object).
  • HTTP: Redirected keep-alive requests reuse original request's session if possible.
  • Networking: Fixed PortRange binding (an issue introduced in previous release).
  • Networking: Fixed ReceiveBufferSize/SendBufferSize propagation (an issue introduced in previous release). This was observed to cause slowdown on Windows platform in some scenarios.
  • Proxy: Fixed handling of IP-based host names in proxy name resolving routine (an issue introduced in previous release).
  • TLS/SSL: Added support for AES/GCM to TLS.
  • TLS/SSL: Added TlsCipherSuite.Weak enum.
  • Cryptography: Added support for RSAES-OAEP encryption to EnvelopedData/RecipientInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for RSAES-OAEP encryption to Encrypt/Decrypt methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Added support for DSA key generation on .NET Core 1.1 on Windows.
  • Cryptography: Added support for RSASSA-PSS signatures to SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Enhanced environment info logging.
  • Cryptography: Fixed KeySize property of RSAManaged and DSAManaged to return the proper size for key sizes that are not evenly divisible by 8.
  • Cryptography: Added support for RSASSA-PSS signatures to SignedData/SignerInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for legacy MD4 algorithm.
  • Cryptography: Fixed saving of Brainpool keys (used wrong OID).
  • Cryptography: Fixed handling of ED25519 keys in PrivateKeyInfo.
  • Cryptography: Fixed CertificateStore private key saving on Mono.
  • Common: Environment info is now logged when creating an instance of FileLogWriter.

2017-09-08 Version 2017 R5 #
(build number 6461)

New fully supported platforms: .NET Core 1.1 and 2.0 on Windows

This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.

Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)

All Rebex components support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x) is still experimental.

Complete list of changes of version 2017 R5

  • All: Added support for .NET Core 1.1 and 2.0 on Windows.
  • HTTP: Fixed handling of HTTP paths with double-slash ('//').
  • Proxy: Added support for "http://" URLs in Proxy.Host.
  • Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
  • Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
  • Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
  • Cryptography: Enhanced logging of some SSPI errors.
  • Cryptography: Added workaround for invalid or empty HTTP header names.
  • Common: Enabled SHA-2 support workaround for legacy RSA providers.
  • Common: Using custom IBM 437 encoding on .NET Compact Framework.

2017-08-04 Version 2017 R4.1 #
(build number 6426)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds.

Complete list of changes of version 2017 R4.1

  • HTTP: Enhanced exception messages for errors at TLS/SSL layer.
  • Cryptography: Enhanced RSAES-OAEP support.
  • Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
  • Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).

2017-06-30 Version 2017 R4 #
(build number 6391)

Support for CNG Key Storage Providers

Rebex Certificate class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage Providers.

Native support for Brainpool (P-256 R1, P-384 R1, P-512 R1) and secp256k1 elliptic curves on Windows 10

Windows 10 (and Windows Server 2016) added native support for additional Elliptic Curve DSA (ECDSA) / Elliptic Curve Diffie-Hellman (ECDH) curves including secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1, and Rebex classes can take advantage of them now (in addition to NIST P-256/P-384/P-521 curves).

Brainpool curves have already been supported by our TLS/SSL library and can be used with the following ciphers:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA

For earlier Windows and other operating systems, Brainpool curves are available through external plugins.

Complete list of changes of version 2017 R4

  • All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
  • All: Lots of improvements in experimental .NET Core / .NET Standard edition.
  • HTTP: Added HttpResponse.Cipher property to make it possible to determine information about the TLS cipher used by the underlying TLS/SSL session.
  • HTTP: Fixed broken WebClient.UploadString(...) method.
  • HTTP: Fixed handling of null in HttpRequestCreator.SetSocketFactory() method.
  • HTTP: Fixed handling of relative or broken redirect locations.
  • SSH: Added SshParameters.CompressionLevel option to make it possible to specify the desired compression level for SSH.
  • SSH: Deprecated SshPrivateKey.CreateSignature, VerifySignature and an old variant of the SshPrivateKey.Save method.
  • SSH: Added SshPublicKey.GetPublicKeyInfo() method.
  • Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
  • Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
  • Cryptography: Added Certificate.GetPublicKeyInfo() method.
  • Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
  • Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
  • Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
  • Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.

2017-05-09 Version 2017 R3 #
(build number 6339)

NuGet packages

Rebex components just got official NuGet packages!

If you have an active subscription, you will get NuGet packages as part of Rebex components. These are supposed to be added to your private NuGet repository.

Rebex packages are available at NuGet.org as well.

Experimental support for .NET Standard 1.5 and NET Core

This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex components.

In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex components can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.

Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.

Support for .NET Framework 4.7

.NET Framework 4.7 is a fully supported platform.

Complete list of changes of version 2017 R3

  • All: Added NuGet packages.
  • All: Added experimental support for .NET Core and .NET Standard 1.5.
  • All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
  • All: Added support for .NET Framework 4.7.
  • HTTP: Fixed redirection handling when the new location points to a different HTTPS server.
  • Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
  • Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
  • Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
  • Common: Fixed incorrect handling of CNG RSA keys.

2017-03-22 Version 2017 R2 #
(build number 6291)

ECDSA certificate support in TLS/SSL

All Rebex components utilizing our TLS/SSL library now support the following TLS ciphers based on Elliptic Curve DSA (ECDSA) algorithm:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

Supported curves:

  • NIST P-256
  • NIST P-384
  • NIST P-521

Please note that external plugins are needed for these algorithms and curves on some platforms.

Support for Visual Studio 2017

All Rebex components are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Experimental support for Universal Windows Platform

This release introduces experimental support for Universal Windows Platform (Windows 10, Windows 10 Mobile, Windows 10 IoT).

Minor ISocket API changes

Legacy parts of ISocket interface were moved into ISocketExt interface. If you implemented a custom transport layer using the ISocket API, make sure to implement ISocketExt instead when upgrading to this release.

Seldom-used static methods in CryptoHelper class were removed. If you need any of them, please let us know.

Complete list of changes of version 2017 R2

  • All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
  • HTTP: Fixed issues in HTTP client connection pool.
  • HTTP: Added HttpSessionCacheEnabled and SslSessionCacheEnabled options to HttpSettings.
  • HTTP: Added workaround for servers that use DEFLATE instead of Zlib.
  • Networking: Added logging of environment and platform information.
  • Networking: Enhanced target address logging when connecting.
  • Networking: HTTP core provides better inner exceptions on errors.
  • Networking: Legacy members of custom transport layer API moved from ISocket to ISocketExt.
  • Proxy: Fixed ProxySocket.Connect(...) on Mono 2.10.
  • SSH: Enhanced cipher mismatch error reporting during SSH negotiation to produce informative error messages.
  • SSH: Added GetSupportedMacAlgorithms/GetSupportedEncryptionAlgorithms/GetSupportedKeyExchangeAlgorithms static methods to SshParameters.
  • SSH: Added support for client key authentication using 'rsa-sha2-256', 'rsa-sha2-512' and 'ssh-rsa-sha256@ssh.com' algorithms.
  • SSH: Added OpenSSH-style fingerprint support to SshFingerprint class.
  • TLS/SSL: Added support for Elliptic Curve DSA to TLS 1.2/1.1/1.0.
  • TLS/SSL: Fixed unexpected connection closure handling in TlsSocket.
  • TLS/SSL: Fixed handling of Timeout value in TlsSocket.Receive.
  • Cryptography: Added support for Elliptic Curve DSA to Certificate/CertificateChain/CertificateIssuer classes.
  • Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
  • Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
  • Cryptography: Removed seldom-used static methods from CryptoHelper.
  • Cryptography: CertificateIssuer class made available on .NET Compact Framework.
  • Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
  • Cryptography: Enhanced CertificateIssuer API.
  • Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
  • Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
  • Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.

2017-02-08 Version 2017 R1 #
(build number 6249)

New component: Rebex HTTPS

Rebex HTTPS is an HTTP/HTTPS client library that supports TLS 1.2/1.1/1.0, SHA-2, Server Name Identification (SNI), Renegotiation Indication Extension, Forward Secrecy, ZLIB. These features are available on all supported platforms: .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

The library is available as a standalone package or as a part of Rebex Total Pack.

Complete list of changes of version 2017 R1

  • HTTP: Initial release.