Rebex WebSocket

WebSocket library for modern and legacy platforms

Download 30-day free trial Buy from $349
More .NET components

Release notes for Rebex WebSocket for .NET

Released
November252021

R6.0 #

(build 8000 from 2021-11-25)

Support for .NET 6.0!

This release adds a new set of binaries targeting the final version of .NET 6.0. It supports all .NET 6.0 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • macOS (x64)

Please note that support for Android and iOS/tvOS in .NET 6.0 is still in preview mode. We will fully support these platforms as soon as the corresponding .NET 6.0 update is published.

Detailed list of changes:

  • All: Added a new set of binaries targeting .NET 6.0.
  • All: Removed several obsolete and deprecated APIs.
  • All: Removed support for legacy ISerializable interface from binaries for .NET Standard.
  • SSH: Added support for SSH key algorithms based on ECDSA X.509 certificates (RFC 6187).
Released
November242021

R5.7 #

(build 7999 from 2021-11-24)

Support for .NET 6.0 and Windows 11

Windows 11 is now a supported platform.

Rebex assemblies targeting .NET Standard 2.1 now support .NET 6.0.

Support for PuTTY PPK3 key format

SshPrivateKeyclass, PrivateKeyInfo class and Certificate.SavePrivateKey method now support PuTTY's new PPK version 3 private key format.

Improved TLS 1.3 performance

We made a number of optimizations in the TLS 1.3 core, which increased speed and decreased CPU usage.

Detailed list of changes:

  • All: Added support for .NET 6.0 on Windows, Linux and macOS.
  • All: Added support for Windows 11.
  • SSH: Added support for PuTTY PPK3 format to SshPrivateKey.
  • SSH: Added support for 'x509v3-rsa2048-sha256' SSH key algorithm (RSA X.509 certificates, RFC 6187).
  • SSH: Added workaround for a server with broken SSH window size handling logic.
  • SSH: Fixed handling of oversized data packets from servers with broken window size logic.
  • TLS Core: Improved TLS 1.3 performance.
  • Cryptography: Added more values to X.509 RevocationReason enum.
  • Cryptography: Added support for private keys in PuTTY PPK3 format (uses Argon2 key derivation function).
  • Cryptography: Added workaround for Google's CRLs with non-constructed explicit ASN.1 nodes.
Released
October262021

R5.6 #

(build 7970 from 2021-10-26)

Support for .NET 6.0 RC2

Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 6.0 RC2 and are suitable to be used in production on Microsoft's latest .NET platform ahead of the official release.

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • All: Added support for .NET 6.0 RC2.
  • TLS Core: Fixed possible NullReferenceException in TLS 1.2 socket after it has been closed.
  • TLS Core: Improved handling of exceptions in TlsSocket.Send method.
  • Cryptography: Fixed handling of RSAParameters without DP/DQ in AsymmetricKeyAlgorithm and PrivateKeyInfo.
  • Cryptography: Fixed loading of encrypted keys with empty passwords in new OpenSSH format.
  • Cryptography: Small optimization in AVX2 implementation of ChaCha20.
Released
August172021

R5.5 #

(build 7900 from 2021-08-17)

New binaries for .NET Core 3.1

We added a new set of binaries targeting .NET Core 3.1. We have already been supporting that platform since 2019 via .NET Standard 2.1. However, the new set of binaries utilizes .NET Core's hardware intrinsics API and features our fast ChaCha20/Poly1305 implementation that has been previously only available on .NET 5.0.

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Detailed list of changes:

  • All: Added 'netcoreapp3.1' binaries.
Released
August052021

R5.4 #

(build 7888 from 2021-08-05)

Maintenance release

This release resolves several issues in the shared functionality.

Detailed list of changes:

  • Networking: Fixed casing in 'Basic' HTTP proxy authorization header.
  • TLS Core: Fixed parsing of TLS 1.3 Certificate handshake message spanning multiple records.
  • Cryptography: Fixed Certificate.FriendlyName setter in .NET 5.0 on non-Windows platforms.
Released
June182021

R5.3 #

(build 7840 from 2021-06-18)

Fixed FIPS-mode detection in .NET 4.8

This release fixes an issue in FIPS-mode detection routine that was not working properly in applications targeting .NET Framework 4.8 due to a change in the framework's behavior. This only affects applications targeting .NET Framework 4.8. Applications targeting earlier framework versions do not suffer from this issue even when running on .NET Framework 4.8.

If your application targets .NET Framework 4.8 and is supposed to honor system-wide FIPS mode settings, either upgrade to this release, or set Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly to System.Security.Cryptography.CryptoConfig.AllowOnlyFipsAlgorithms in your application's startup code.

Detailed list of changes:

  • SSH: Fixed race condition in OpenSSH-style compression startup code (occasionally caused connection failures during authentication with SSH compression was enabled).
  • TLS Core: Added SslSettings.SetPreferredSuites/GetPreferredSuites methods to make it possible to specify client-side TLS cipher preference.
  • TLS Core: Improved logging when remote party does not support TLS 1.3.
  • TLS Core: Optimized TlsSocket.Negotiate method when TLS 1.3 is enabled but not supported by the remote side.
  • TLS Core: Prevented 'unobserved' exceptions in task-based TLS 1.2 core.
  • Cryptography: Added support for private keys using PBKDF2 with HMAC/SHA-2 (RFC 8018 / PKCS #5 v2.1).
  • Cryptography: Fixed detection of FIPS-only systems on .NET Framework 4.8.
  • Cryptography: Optimized creation of algorithm objects in CNG layer.
Released
May092021

R5.2 #

(build 7800 from 2021-05-09)

New ChaCha20Poly1305 class

This release features the new ChaCha20Poly1305 class that implements the 'combined mode' AEAD cipher consisting of ChaCha20 stream cipher and Poly1305 authenticator, as specified by RFC 7539.

Faster ChaCha20/Poly1305 on older platforms

We further improved performance of ChaCha20/Poly1305 in TLS and SSH on older platforms. It's not as fast as our .NET 5.0 implementation using AVX2 or Advanced NEON SIMD, but it's faster than ever before.

Detailed list of changes:

  • Networking: Added support for SOCKS5 servers that respond with domain name.
  • SSH: Optimized usage of ChaCha20/Poly1305 in SSH.
  • Cryptography: Added ChaCha20Poly1305 class that implements ChaCha20/Poly1305 with an API that resembles .NET's AesGcm class.
  • Cryptography: Added support for loading of ECDSA certificates from PFX/P12 files in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
  • Cryptography: Added support for saving to PFX/P12 files for certificates with temporarily associated private keys in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
  • Cryptography: AVX2 implementation of ChaCha20 releases old pre-generated keystream immediately after reinitialization.
  • Cryptography: Clearing output data in AesGcm class when authentication tag is invalid.
  • Cryptography: Fixed parsing of Cryptographic Message Syntax envelopes with unsupported OIDs.
  • Cryptography: Improved ChaCha20/Poly1305 performance on .NET 3.5-4.6 and .NET Standard 2.x.
  • Cryptography: Improved performance of AES/CTR ciphers (used in SSH).
  • Common: Improved error handling when raising events via synchronization context.
Released
March032021

R5.1 #

(build 7733 from 2021-03-03)

Simplified release naming

We decided to drop the year from our release naming scheme. Instead of '2020 R5.1', this release is called just 'R5.1', and the forthcoming releases will use the same 'R5.x' naming scheme until the next major upgrade.

Faster ChaCha20/Poly1305 in .NET 5.0

By utilizing AVX2 (on Intel/AMD) or Advanced NEON SIMD (on ARM) via .NET's new hardware intrinsics API in .NET 5.0, we made our ChaCha20/Poly1305 implementation in SSH and TLS much faster. On ARM64, ChaCha20/Poly1305 is now even faster than Windows native AES/GCM.

This release improves ChaCha20/Poly1305 performance on older platforms as well, although not by such a big margin.

Detailed list of changes:

  • All: Changed release naming scheme ('R5.1' instead of '2020 R5.1').
  • Networking: Added workaround for rare WSAEWOULDBLOCK error on Mono in Socket.Connect.
  • Networking: More meaningful exception is throw when attempting to use HTTP CONNECT proxy with NTLM authentication on platforms that don't support it.
  • Networking: Optimized timeout infrastructure in ProxySocket.Connect.
  • SSH: Added workaround for WingFTPServer server that uses 'ssh-rsa' with SHA-2 when client announces RSA/SHA-2 support.
  • SSH: Fixed format of SshPublicKey.GetPublicKey() response for public keys initialized from PublicKeyInfo or AsymmetricAlgorithm.
  • SSH: Fixed handling of unknown channel requests (not sending reply if not requested).
  • TLS Core: Added VerifyMessage signature algorithm logging in TLS 1.3.
  • TLS Core: Close/Dispose method called on TLS 1.3 socket ensures that all outstanding IO operations are canceled before the control is returned to the caller.
  • TLS Core: Fixed possible rare NullReferenceException when closing TLS 1.3 session.
  • TLS Core: Synchronous methods on TlsSocket wrap TaskCanceledException to TlsException.
  • Cryptography: Added workaround to Certificate.LoadDer method to enable loading of certificates in PKCS #7 containers.
  • Cryptography: Enhanced implicit operator for conversion of Certificate->X509Certificate2 to retain private keys on non-Windows platforms as well.
  • Cryptography: Fixed Ed25519 PKCS #8 key structure (now compatible with OpenSSL).
  • Cryptography: Optimized memory usage in symmetric encryption transformations based on Windows CNG API.
  • Cryptography: Substantial speed-up of ChaCha20/Poly1305 (used in SSH and TLS). Utilizing AVX2 or Advanced NEON SIMD on .NET 5.0 (if available).
  • Common: Accelerated common byte array operations in .NET 5.0 on devices with AVX2 support.
Released
November102020

2020 R5 #

(build 7620 from 2020-11-10)

Support for .NET 5.0!

This release adds a new set of binaries targeting the final version of .NET 5.0. It supports all .NET 5.0 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • macOS (x64)

Support for Ed25519 X.509 certificates in TLS 1.3

We added support for TLS 1.3 with X.509 certificates using Ed25519 algorithm (EdDSA on edwards25519 curve) to all Rebex components with TLS support.

However, due to limitations of .NET and all supported operating systems, a custom certificate validator is needed to validate Ed25519 certificates.

New AES/GCM API

Our new Rebex.Security.Cryptography.AesGcm class resembles .NET 5.0's class of the same name, but it's available on all supported platforms including .NET Framework 3.5/4.0 and Mono 5/6.

Detailed list of changes:

  • All: Added support for .NET 5.0 on all platforms.
  • TLS Core: Added support for X.509 certificates with Ed25519 keys to TLS 1.3.
  • TLS Core: Improved exception messages in TLS 1.3.
  • Cryptography: Added built-in support for Ed25519 algorithm.
  • Cryptography: Added Rebex.Security.Cryptography.AesGcm class (equivalent to .NET 5.0's AesGcm class, but available on all platforms including .NET Framework 3.5).
  • Cryptography: Added SetOtherNames/GetOtherNames methods to CertificateInfo class ('Other Name' support in SANs).
  • Cryptography: AsymmetricKeyAlgorithm.ImportKey method can initialize Ed25519 key from seed (in addition to private key).
  • Cryptography: AsymmetricKeyAlgorithm.Register method made thread-safe.
  • Cryptography: Deprecated CryptoHelper.ForceManagedAes property.
  • Cryptography: Enhanced compatibility with unsupported legacy versions of CryptoAPI.
  • Cryptography: Enhanced SignedData.Load(Stream) and EnvelopedData.Load(Stream) methods to support Base64-encoded format (PEM) as well.
  • Cryptography: Enhanced workaround for RSA CSPs with lack of SHA-2 support.
  • Common: Added SspiAuthentication.IsSupported method.
  • Common: Enhanced EncodingTools helper class to always provide Encodings with implemented HeaderName, EncodingName and BodyName properties.
Released
September302020

2020 R4 #

(build 7579 from 2020-09-30)

Fully tested on .NET 5.0 RC1

Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 5.0 RC1 and are suitable to be used in production on Microsoft's latest .NET platform.

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • All: Fixed several minor compatibility issues on .NET 5.0 RC1.
  • Networking: Restored missing NetworkSession.InstanceId property.
  • TLS Core: Fixed concurrent access in server-side TLS session cache.
  • TLS Core: Fixed normalization of premaster secret in server-side ECDH calculations in TLS 1.2 and earlier.
  • TLS Core: Updated TlsCipherSuite.Secure/Weak/Fast enum values. Updated TlsParameters.AllowedSuite default.
  • Cryptography: Added Ed25519 support to Certificate class. (Not yet supported by the built-in certificate validator due to lack of support in Windows and .NET).
  • Cryptography: Fixed handling of non-content data in Certificate(byte[]) constructor and CertificateChain.LoadP7b(Stream) / CertificateRevocationList.Load(Stream) methods.
  • Cryptography: Fixed parsing of constructed primitive ASN.1 types with more than two layers of nesting.
  • Cryptography: Fixed version number in PKCS #10 CertificationRequest structure.
  • Cryptography: Prohibited usage of Chacha20/Poly1305 in TLS 1.3 in FIPS-only mode. (Already prohibited in TLS 1.2 or earlier.)
  • Cryptography: Updated RSAManaged constructor logic to make it suitable as a base for derived classes on .NET Framework in FIPS-compliant mode.
  • Cryptography: Using Windows CNG API for Diffie-Hellman parameter generation on Windows 10 and Windows Server 2016/2019.
  • Common: Optimized internal cancellation infrastructure on old platforms.
  • Common: Removed usage of BinaryFormatter which has been found to be insecure.
  • Common: Updated EncodingTools.GetEncoding method to prefer encodings provided by .NET.
Released
July142020

2020 R3 #

(build 7501 from 2020-07-14)

Binaries for .NET Standard 2.1

We added a new set of binaries targeting .NET Standard 2.1. They are suitable for .NET Core 3.1 and .NET 5.0 Preview 6, on Windows, Linux and macOS.

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Improved TLS core

This release brings enhancements, optimizations and fixes in the TLS core.

Detailed list of changes:

  • All: Added binaries targeting .NET Standard 2.1.
  • SSH: Enhanced legacy group exchange autodetection.
  • TLS Core: Added TlsSocket.ApplicationProtocol property to make it possible to determine protocol negotiated using ALPN extension.
  • TLS Core: Always preferring RSA/SHA-2 for client certificate authentication in TLS 1.2.
  • TLS Core: Disabled ciphers based on AES/CBC and SHA-2 in legacy versions of TLS (they are only specified by TLS 1.2).
  • TLS Core: Fixed availability of TLS 1.3 session tickets (client side).
  • TLS Core: Fixed handling of multiple concurrent Receive or Send method calls in TLS 1.3.
  • TLS Core: Fixed handling of TLS 1.3 KeyUpdate handshake message.
  • TLS Core: Fixed server name handling for TlsSocket instances created from an already-connected Socket.
  • TLS Core: Fixed TlsException.Status to return ConnectionClosed for connection-closed errors.
  • TLS Core: Fixed TlsException.Status to return Timeout for timeout errors.
  • TLS Core: Fixed TlsSocket.ClientCertificate that returned an empty chain instead of null in some scenarios.
  • TLS Core: Improved error message when server certificate is rejected in TLS 1.3.
  • TLS Core: Improved error messages in TLS 1.3.
  • TLS Core: Logging improvements.
  • TLS Core: No longer sending 'internal error' alert to remote end on timeout.
  • TLS Core: Optimized TLS 1.3 internals.
  • TLS Core: TLS 1.3 initiates key update properly (before the AEAD limits are reached).
  • TLS Core: Unified behavior of the Receive and ReceiveAsync methods across TLS versions.
  • Cryptography: Fixed encoding of ECDSA signatures in PKCS #7 CertificationRequest structure.
  • Cryptography: Memory usage optimizations in CNG layer.
  • Cryptography: On Windows 10 and Windows Server 2016 or higher, Windows CNG API is used for classic Diffie-Hellman calculations instead of legacy Windows CryptoAPI.
  • Cryptography: Optimized disposing of temporary keys in Certificate class.
  • WebSocket: Enhanced keep-alive logic. Pings are now send from Poll method as well if appropriate.
Released
May242020

2020 R2 #

(build 7450 from 2020-05-24)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • SSH: Added new properties to SshCipher to make it possible to determine IDs of active ciphers.
  • SSH: Added workaround for a weakness in legacy CBC ciphers.
  • TLS Core: Enhanced TlsSocket.Timeout property to apply to subsequent Send, SendAsync, Receive and ReceiveAsync methods even when TLS is already active.
  • TLS Core: Fixed availability of TLS 1.3 session ticket when the receive side of the connection has already been closed.
  • TLS Core: Fixed behavior of server-side DoNotCacheSessions option (which previously led to connection failures).
  • TLS Core: Fixed some cases of missing AggregateException unwrapping.
  • TLS Core: Improved and unified behavior of TlsSocket Shutdown/ShutdownAsync methods when negotiation has not been started.
  • TLS Core: Improved TLS exception reporting.
  • TLS Core: Logging improvements.
  • TLS Core: Optimizations in TLS 1.3 internals.
  • TLS Core: Support for the TLS 1.3 record with empty application data payload and random padding.
  • TLS Core: Unified TlsSocket.Cipher property behavior across TLS versions.
  • Cryptography: Added ContentInfo.ToStream() method.
  • Cryptography: Enhanced Certificate.LoadDerWithKey to support RSASSA-PSS and RSAES-OAEP for RSA keys.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.GenerateDiffieHellmanParameters slowness (only affected the previous release).
  • Cryptography: Improved AsymmetricKeyAlgorithm to support RSASSA-PSS and RSAES-OAEP with keys loaded via ImportKey method.
  • Cryptography: Optimized Certificate and CertificateChain class to only consume native resources when needed.
  • Cryptography: Optimized CNG handles cleanup.
Released
March252020

2020 R1.1 #

(build 7390 from 2020-03-25)

Reintroducing fast Diffie-Hellman on Xamarin.Android

Until 2019 R4.2, Rebex binaries for Xamarin.Android platforms used Android's cryptographic API for Diffie-Hellman calculations. However, this functionality is no longer available in current Rebex binaries targeting Xamarin.Android via .NET Standard 2.0. To make it possible to use the faster Diffie-Hellman implementation on Xamarin.Android again, we have added it to our native extensions library. Once enabled, it will make Diffie-Hellman key exchange in TLS as fast on Xamarin.Android as before.

Detailed list of changes:

  • Networking: Fixed rare race condition in TLS and SSH internals.
  • TLS Core: Fixed breaking changes in the behavior of seldom-used parts of TlsSocket API.
  • TLS Core: Fixed handling of OperationCanceledException in TLS 1.3 core.
  • TLS Core: Improved TLS logging.
  • Common: Added DiffieHellmanNative class to Rebex.Common.Native assembly (speeds up Diffie-Hellman calculations on Xamarin.Android).
Released
February212020

2020 R1 #

(build 7357 from 2020-02-21)

.NET Standard 2.0 on Xamarin.Android and Xamarin.iOS

Rebex binaries targeting .NET Standard 2.0 are now supported on Xamarin.Android and Xamarin.iOS. Previously-available binaries targeting specific Xamarin platforms have been deprecated, and .NET Standard 2.0 binaries should be used instead.

Note: Applications that require certificate validation also need to use the new Rebex.Common.Native.dll assembly which provides validation of X.509 certificates on Xamarin.Android and Xamarin.iOS.

ChaCha20-Poly1305 support in TLS 1.3 and 1.2

Our TLS 1.3/1.2 core now supports the following ChaCha20-Poly1305 cipher suites:

  • TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3)
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (TLS 1.2)
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (TLS 1.2)
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (TLS 1.2)

To enable these ciphers, use Settings.SetSymmetricCipherSuites(...) method for TLS 1.3 and Settings.SslAllowedSuites property for TLS 1.2.

Native X25519 elliptic curve support on Windows 10

On Windows 10, Windows Server 2016 and Windows Server 2019, Rebex components using ECDH key exchange in TLS or SSH now support X25519 curve (also known as Curve25519) without any external plugins.

End of Standard Support for .NET Framework 2.0 and 3.0

2019 R4.2 was the last release to include support for .NET Framework 2.0 and 3.0 in the standard package. Customers using these platforms are advised to migrate to .NET Framework 3.5 SP1, which will enjoy mainstream support until 2023-10-10.

For customers who are unable to migrate, a Legacy Edition of Rebex components for .NET Framework 2.0/3.0 is available.

Deprecated .NET Core 1.0/1.1

.NET Core 1.1 and 1.0 became end-of-life platforms at 2019-06-27. In accordance with our framework support policy, they are no longer supported by Rebex components. Customers using these platforms are advised to migrate to .NET Core 2.1 or .NET Core 3.1.

Detailed list of changes:

  • All: Binaries targeting .NET Standard 2.0 now support Xamarin.Android and Xamarin.iOS.
  • All: Deprecated binaries targeting .NET Standard 1.5, Xamarin.Android and Xamarin.iOS.
  • All: Fixed several occurences of culture-sensitive string formatting.
  • All: Fixed several occurrences of wrong synchronization context.
  • All: Mainstream edition no longer supports .NET Framework 2.0/3.0 and .NET Core 1.0/1.1.
  • SSH: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
  • SSH: Added support for 'curve25519-sha256' key exchange cipher (equivalent to already-supported 'curve25519-sha256@libssh.org').
  • SSH: Enhanced performance of ChaCha20-Poly1305 cipher ('chacha20-poly1305@openssh.com') in SSH client.
  • SSH: Fixed possible deadlock in SSH client when processing incoming EOF packet while waiting for remote receive buffer size to increase.
  • TLS Core: Added asynchronous methods to TlsSocket base class.
  • TLS Core: Added SetSymmetricCipherSuites/GetSymmetricCipherSuites methods to configure enabled TLS 1.3 cipher suites.
  • TLS Core: Added support for ChaCha20-Poly1305 cipher suites to TLS 1.3 and 1.2.
  • TLS Core: Fixed behavior of TlsSocket methods after Dispose has been called.
  • TLS Core: Fixed behavior of TlsSocket.Shutdown.
  • TLS Core: Improved argument checks in TlsSocket base class.
  • TLS Core: Improved multi-pass parsing of the TLS 1.3 records.
  • TLS Core: Many optimizations in TLS 1.3 core.
  • Cryptography: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
  • Cryptography: Added native support for ECDH with X25519 curve on Windows 10, Windows Server 2016 and Windows Server 2019.
  • Common: Internal optimizations.
Released
January152020

2019 R4.2 #

(build 7320 from 2020-01-15)

Maintenance release

This release solves several issues in the shared functionality.

Detailed list of changes:

  • SSH: Fixed possible deadlock during SSH renegotiation (client-side).
  • TLS Core: Fixed renegotiation in TLS 1.2 (has been broken since 2019 R4).
  • Cryptography: Added workaround for RSA signatures shorter than the key size (.NET Core on Linux is unable to handle them).
  • Cryptography: Fixed AsymmetricKeyAlgorithm.GetRawPublicKey() key format when RSA via MS CNG is in use.
  • Cryptography: Only known external plugins are allowed for enhanced security.
  • Cryptography: Saving public key as well when saving X25519 private keys.
Released
December162019

2019 R4.1 #

(build 7290 from 2019-12-16)

.NET Core 3.1 support

.NET Core 3.1 is now supported on the following platforms:

  • Windows (x64, x86, ARM32)
  • Windows 10 IoT (x64, x86, ARM32)
  • Linux (x64, ARM32)
  • macOS (x64)

TLS 1.3 improvements

This release fixes several issues in our new TLS 1.3 core. If you are already using TLS 1.3, upgrading to this release is recommended.

Please note that TLS 1.3 support is not enabled by default yet to prevent interoperability issues with legacy third-party servers. To enable it, use SslAllowedVersions setting, as described in our TLS 1.3 support announcement.

Detailed list of changes:

  • All: Added support for .NET Core 3.1.
  • All: Added support for Mono 6.x.
  • Networking: Added missing 'buffer' argument check to some Send/Receive methods in ProxySocket/TlsSocket.
  • Networking: Fixed unhandled ObjectDisposedException or misleading SocketException when ProxySocket.Connect aborted due to timeout.
  • SSH: Added a workaround for a bug introduced in OpenSSH 8.0 that rejects 'sender channel' numbers in the upper half of uint32 range.
  • SSH: Added SshEncryptionMode.AEAD (to replace SshEncryptionMode.GCM).
  • SSH: Added support for ChaCha20-Poly1305 AEAD cipher ('chacha20-poly1305@openssh.com') to SSH client.
  • TLS Core: Added support for RSASSA-PSS signatures in TLS 1.2 when TLS 1.3 has been enabled.
  • TLS Core: Avoid unwanted truncation of outgoing TLS 1.3 messages when TlsSocket is disposed.
  • TLS Core: Enhanced error message when no suitable curve is available.
  • TLS Core: Fixed compatibility issue with Xamarin's "Sdk Assemblies Only" option.
  • TLS Core: Fixed exception type to TlsException for TLS 1.3 errors.
  • TLS Core: Fixed handling of TLS 1.3 PSK-KE.
  • TLS Core: Fixed check of signature algorithm in TLS 1.3 CertificateVerify.
  • TLS Core: Fixed occasional failure when negotiating TLS 1.2 or lower when TLS 1.3 is allowed.
  • TLS Core: Fixed order of supported signature schemes in TLS 1.3 ClientHello message.
  • TLS Core: Fixed parsing of fragmented TLS 1.3 handshake messages.
  • TLS Core: Fixed parsing of the TLS 1.3 KeyShare extension.
  • TLS Core: Fixed potential NullReferenceException when TLS 1.3 negotiation has been interrupted unexpectedly.
  • TLS Core: Fixed selection of signature algorithm used in CertificateVerify handshake messages.
  • TLS Core: Not announcing support for X.509 certificates with Ed25519 or RSASSA-PSS public key OID (not supported yet).
  • TLS Core: Optimizations in TLS 1.3 internals.
  • Cryptography: Added workaround for bad RSA/PSS signature algorithm identifiers with missing parameters.
  • Cryptography: Enabled workaround for private key loading from Mono key store in .NET Standard edition on Mono.
  • Cryptography: Enhanced 'Invalid key format' error message when loading a private key.
  • Cryptography: Fixed serial number handling in CertificateIssuer to conform to RFC 5280 constraints.
  • Common: Binaries for .NET Standard 1.5 now use System.Collections.NonGeneric instead of custom implementations.
  • Common: Enabled Xamarin.Android workarounds in .NET Standard 2.0 edition.
  • Common: Improved ISafeSerializationData support detection.
Released
October312019

2019 R4 #

(build 7244 from 2019-10-31)

Support for TLS 1.3

WebSocketClient class features support for WebSocket over TLS 1.3.

Detailed list of changes:

  • TLS Core: Added support for ALPN TLS extension to TlsSocket.
  • TLS Core: Added TlsBulkCipherMode.AEAD (to replace TlsBulkCipherMode.GCM).
  • TLS Core: Removed support for two legacy unsecure anonymous ciphers (DH_anon_EXPORT_WITH_DES40_CBC_SHA and DH_anon_EXPORT_WITH_RC4_40_MD5).
  • Cryptography: Added PkcsBase.LoadSignedOrEnvelopedData method (a replacement for deprecated PkcsBase.Load).
  • WebSocket: Added support for TLS 1.3.
  • WebSocket: Optimized operation with KeepAliveInterval of 0.
Released
September232019

2019 R3.2 #

(build 7206 from 2019-09-23)

.NET Core 3.0 support

This release introduces support for .NET Core 3.0 on the following platforms:

  • Windows (x64, x86, ARM32)
  • Windows 10 IoT (x64, x86, ARM32)
  • Linux (x64, ARM32)
  • macOS (x64)

Windows 10 IoT support

This release introduces support for .NET Core 3.0 on Windows 10 IoT on x64, x86 and ARM32 platforms.

Detailed list of changes:

  • All: Added support for .NET Core 3.0.
  • All: Added support for Windows 10 IoT (via .NET Core 3.0).
  • SSH: Added SshGssApiCredentials.AccountName property to make it possible to specify an account name to be passed to the SSH server.
  • SSH: Added workaround for legacy WS_FTP 7.x servers that encode long SSH packets improperly.
  • SSH: Fixed SshChannel.SendEof method not to send EOF when channel has already been closed.
  • Common: Optimized internal Task infrastructure on old .NET platforms.
Released
August092019

2019 R3.1 #

(build 7161 from 2019-08-09)

Removed SSL 3.0 from TlsVersion.Any

TlsVersion.Any is no longer used by any Rebex component, but it might be used in custom applications. This could present a security issue because until now, TlsVersion.Any still used to contain TlsVersion.SSL30. SSL 3.0, a predecessor to TLS 1.0 protocol, has been published in 1996. It is comprehensively broken and should no longer be used. Application that still use it violate RFC 7568, which deprecated SSL 3.0 in 2015.

Detailed list of changes:

  • All: Added support for serialization on Xamarin.Android and Xamarin.iOS platforms.
  • TLS Core: Modified TlsVersion.Any to only include TLS 1.0, 1.1 and 1.2.
  • Cryptography: Fixed handling of user-supplied RSACng in AsymmetricKeyAlgorithm and SshPrivateKey on modern platforms.
Released
June282019

2019 R3 #

(build 7119 from 2019-06-28)

Support for .NET Standard 2.0 on Mono 5.14 and higher

Binaries of Rebex components targeting .NET Standard 2.0 are now also supported on Mono 5.14 and higher.

End of Standard Support for .NET Compact Framework 3.5 and 3.9

2019 R3 is the last release that includes support for .NET Compact Framework 3.5 and 3.9 in the standard package. Starting with 2019 R4, .NET CF 3.5/3.9 will only be supported with Legacy Editions, which will be available as separate products. See their release history.

Detailed list of changes:

  • All: Binaries targeting .NET Standard 2.0 are now supported on Mono 5.14 or higher.
  • SSH: Added SshPrivateKey.Generate(...) methods on .NET Compact Framework.
  • SSH: Added workaround for broken EtM ciphers in OpenSSH 6.6.
  • SSH: Enhanced GlobalScape SSH server detection.
  • SSH: Enlarged upper limit for non-standard DSA keys to 8192 bits on .NET Framework and .NET Core.
  • SSH: Fixed reporting of SSH_MSG_USERAUTH_GSSAPI_ERROR and SSH_MSG_USERAUTH_GSSAPI_ERRTOK responses.
  • TLS Core: Added TlsCipherSuite.Fast enum value.
  • TLS Core: Fixed a bug in server-side mode of TlsSocket that caused client certificate authentication to fail.
  • TLS Core: Internal changes in the TLS layer (in preparation for the upcoming TLS 1.3 support on mainstream platforms).
  • Cryptography: Added Certificate.GetPrivateKeyInfo() method.
  • Cryptography: Added CertificateEngine.LocalMachine engine and CertificateEngine.Bind method.
  • Cryptography: Added support for SHA-224 hash algorithm.
  • Cryptography: Added support for X25519 key format (RFC 8410).
  • Cryptography: Always using AES by default to encrypt PKCS #8 private keys.
  • Cryptography: Meaningful error message for the CNG AEAD auth tag mismatch.
  • Common: Optimized asynchronous continuations on modern platforms.
  • Common: Upgraded Task infrastructure in Xamarin.Android binaries.
Released
May172019

2019 R2 #

(build 7077 from 2019-05-17)

Support for Visual Studio 2019

All Rebex components are now fully supported in Microsoft Visual Studio 2019.

Support for .NET Framework 4.8

.NET Framework 4.8 is a fully supported platform.

Native elliptic curve cryptography on Linux with .NET Core 2.1 or higher

On Linux, binaries for .NET Standard 2.0 now utilize OpenSSL elliptic curve routines via .NET Core 2.1 (or higher), making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Detailed list of changes:

  • All: Added support for .NET Framework 4.8 and Visual Studio 2019.
  • All: Removed leftover Trace.Write logging.
  • SSH: Added dummy support for SSH_MSG_EXT_INFO (RFC 8308).
  • Cryptography: Added CertificationRequest.Save method.
  • Cryptography: Added support for ECDSA and ECDH on .NET Core 2.1/.2.2 on Linux (no need for external plugins).
  • Cryptography: Added workaround for broken export of RSA keys from the CNG providers on Windows 7.
  • Cryptography: Added workaround for CRLs with redundant trailing data to CertificateRevocationList.
  • Cryptography: Added workaround for legacy versions of Mono with lack of SHA-2 support.
  • Common: Asynchronous infrastructure improvements.
Released
March282019

2019 R1 #

(build 7027 from 2019-03-28)

New component: Rebex WebSocket

Rebex WebSocket is a multiplatform WebSocket client library that supports TLS 1.2/1.1/1.0, SHA-2, Server Name Identification (SNI), Renegotiation Indication Extension, Forward Secrecy, ZLIB. These features are available on all supported platforms: .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

The new library is available as a standalone package or as a part of Rebex Total Pack.

Detailed list of changes:

  • All: Added binaries targeting .NET Framework 3.5 SP1.
  • All: Added binaries targeting .NET Framework 4.6 and higher.
  • All: Added binaries targeting .NET Standard 2.0.
  • All: Removed long-deprecated API. Deprecated legacy API.
  • Networking: Fixed passing of state to the callback method in ProxySocket.BeginConnect and TlsSocket.BeginConnect.
  • SSH: Changed behavior of SshFingerprint.ToString() and .ToArray() to use SHA-256.
  • SSH: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • SSH: RSA host keys are preferred to DSA host keys.
  • SSH: SHA-512 is only used during SSH client authentication when the RSA key length allows it.
  • SSH: SshParameters.MinimumRsaKeySize now applies to client RSA keys as well.
  • SSH: Using standard form of Diffie-Hellman group exchange with GlobalScape servers.
  • TLS Core: Fixed passing of state to the callback method in ProxySocket.BeginConnect and TlsSocket.BeginConnect.
  • TLS Core: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.DeriveKeyMaterial method.
  • Cryptography: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
  • Cryptography: Fixed handling of shared secred padding in AsymmetricKeyAlgorithm.GetKeyMaterialDeriver.
  • Cryptography: Fixed possible NullReferenceException in CertificationRequest.GetAlternativeHostnames method.
  • Common: Fixed Certificate.Associate with permanent bind on .NET Compact Framework to ensure the key is not garbage-collected.
  • Common: LocalItem constructor no longer fails on items with invalid paths.
  • WebSocket: Initial release.