Rebex WebSocket

WebSocket library for modern and legacy platforms

Download 30-day free trial Buy from $349

Release notes for Rebex WebSocket for .NET

2020 R2 #

(build 7450 from 2020-05-24)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • SSH: Added new properties to SshCipher to make it possible to determine IDs of active ciphers.
  • SSH: Added workaround for a weakness in legacy CBC ciphers.
  • TLS Core: Enhanced TlsSocket.Timeout property to apply to subsequent Send, SendAsync, Receive and ReceiveAsync methods even when TLS is already active.
  • TLS Core: Fixed availability of TLS 1.3 session ticket when the receive side of the connection has already been closed.
  • TLS Core: Fixed behavior of server-side DoNotCacheSessions option (which previously led to connection failures).
  • TLS Core: Fixed some cases of missing AggregateException unwrapping.
  • TLS Core: Improved and unified behavior of the TlsSocket Shutdown/ShutdownAsync methods when negotiation has not been started.
  • TLS Core: Improved TLS exception reporting.
  • TLS Core: Logging improvements.
  • TLS Core: Optimizations in TLS 1.3 internals.
  • TLS Core: Support for the TLS 1.3 record with empty application data payload and random padding.
  • TLS Core: Unified TlsSocket.Cipher property behavior across TLS versions.
  • Cryptography: Added ContentInfo.ToStream() method.
  • Cryptography: Enhanced Certificate.LoadDerWithKey to support RSASSA-PSS and RSAES-OAEP for RSA keys.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.GenerateDiffieHellmanParameters slowness (only affected the previous release).
  • Cryptography: Improved AsymmetricKeyAlgorithm to support RSASSA-PSS and RSAES-OAEP with keys loaded via ImportKey method.
  • Cryptography: Optimized Certificate and CertificateChain class to only consume native resources when needed.
  • Cryptography: Optimized CNG handles cleanup.

2020 R1.1 #

(build 7390 from 2020-03-25)

Reintroducing fast Diffie-Hellman on Xamarin.Android

Until 2019 R4.2, Rebex binaries for Xamarin.Android platforms used Android's cryptographic API for Diffie-Hellman calculations. However, this functionality is no longer available in current Rebex binaries targeting Xamarin.Android via .NET Standard 2.0. To make it possible to use the faster Diffie-Hellman implementation on Xamarin.Android again, we have have added it to our native extensions library. Once enabled, it will make Diffie-Hellman key exchange in TLS as fast on Xamarin.Android as before.

Detailed list of changes:

  • Networking: Fixed rare race condition in TLS and SSH internals.
  • TLS Core: Fixed breaking changes in the behavior of seldom-used parts of TlsSocket API.
  • TLS Core: Fixed handling of OperationCanceledException in TLS 1.3 core.
  • TLS Core: Improved TLS logging.
  • Common: Added DiffieHellmanNative class to Rebex.Common.Native assembly (speeds up Diffie-Hellman calculations on Xamarin.Android).

2020 R1 #

(build 7357 from 2020-02-21)

.NET Standard 2.0 on Xamarin.Android and Xamarin.iOS

Rebex binaries targeting .NET Standard 2.0 are now supported on Xamarin.Android and Xamarin.iOS. Previously-available binaries targeting specific Xamarin platforms have been deprecated, and .NET Standard 2.0 binaries should be used instead.

Note: Applications that require certificate validation also need to use the new Rebex.Common.Native.dll assembly which provides validation of X.509 certificates on Xamarin.Android and Xamarin.iOS.

ChaCha20-Poly1305 support in TLS 1.3 and 1.2

Our TLS 1.3/1.2 core now supports the following ChaCha20-Poly1305 cipher suites:

  • TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3)

To enable these ciphers, use Settings.SetSymmetricCipherSuites(...) method for TLS 1.3 and Settings.SslAllowedSuites property for TLS 1.2.

Native X25519 elliptic curve support on Windows 10

On Windows 10, Windows Server 2016 and Windows Server 2019, Rebex components using ECDH key exchange in TLS or SSH now support X25519 curve (also known as Curve25519) without any external plugins.

End of Standard Support for .NET Framework 2.0 and 3.0

2019 R4.2 was the last release to include support for .NET Framework 2.0 and 3.0 in the standard package. Customers using these platforms are advised to migrate to .NET Framework 3.5 SP1, which will enjoy mainstream support until 2023-10-10.

For customers who are unable to migrate, a Legacy Edition of Rebex components for .NET Framework 2.0/3.0 is available.

Deprecated .NET Core 1.0/1.1

.NET Core 1.1 and 1.0 became end-of-life platforms at 2019-06-27. In accordance with our framework support policy, they are no longer supported by Rebex components. Customers using these platforms are advised to migrate to .NET Core 2.1 or .NET Core 3.1.

Detailed list of changes:

  • All: !!! WARNING: CMP-22 has no release note. Edit value in JIRA. Use '-' to skip including this case in release notes. !!! !!! WARNING: CMP-22 has no components assigned. Adding fake component. Change it in JIRA. !!!
  • All: Binaries targeting .NET Standard 2.0 now support Xamarin.Android and Xamarin.iOS.
  • All: Deprecated binaries targeting .NET Standard 1.5, Xamarin.Android and Xamarin.iOS.
  • All: Fixed several occurences of culture-sensitive string formatting.
  • All: Fixed several occurrences of wrong synchronization context.
  • All: Mainstream edition no longer supports .NET Framework 2.0/3.0 and .NET Core 1.0/1.1.
  • SSH: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
  • SSH: Added support for 'curve25519-sha256' key exchange cipher (equivalent to already-supported '').
  • SSH: Enhanced performance of ChaCha20-Poly1305 cipher ('') in SSH client.
  • SSH: Fixed possible deadlock in SSH client when processing incoming EOF packet while waiting for remote receive buffer size to increase.
  • TLS Core: Added asynchronous methods to TlsSocket base class.
  • TLS Core: Added SetSymmetricCipherSuites/GetSymmetricCipherSuites methods to configure enabled TLS 1.3 cipher suites.
  • TLS Core: Added support for ChaCha20-Poly1305 cipher suites to TLS 1.3 and 1.2.
  • TLS Core: Fixed behavior of TlsSocket methods after Dispose has been called.
  • TLS Core: Fixed behavior of TlsSocket.Shutdown.
  • TLS Core: Improved argument checks in TlsSocket base class.
  • TLS Core: Improved multi-pass parsing of the TLS 1.3 records.
  • TLS Core: Many optimizations in TLS 1.3 core.
  • Cryptography: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
  • Cryptography: Added native support for ECDH with X25519 curve on Windows 10, Windows Server 2016 and Windows Server 2019.
  • Common: Internal optimizations.

2019 R4.2 #

(build 7320 from 2020-01-15)

Maintenance release

This release solves several issues in the shared functionality.

Detailed list of changes:

  • SSH: Fixed possible deadlock during SSH renegotiation (client-side).
  • TLS Core: Fixed renegotiation in TLS 1.2 (has been broken since 2019 R4).
  • Cryptography: Added workaround for RSA signatures shorter than the key size (.NET Core on Linux is unable to handle them).
  • Cryptography: Fixed AsymmetricKeyAlgorithm.GetRawPublicKey() key format when RSA via MS CNG is in use.
  • Cryptography: Only known external plugins are allowed for enhanced security.
  • Cryptography: Saving public key as well when saving X25519 private keys.

2019 R4.1 #

(build 7290 from 2019-12-16)

.NET Core 3.1 support

.NET Core 3.1 is now supported on the following platforms:

  • Windows (x64, x86, ARM32)
  • Windows 10 IoT (x64, x86, ARM32)
  • Linux (x64, ARM32)
  • macOS (x64)

TLS 1.3 improvements

This release fixes several issues in our new TLS 1.3 core. If you are already using TLS 1.3, upgrading to this release is recommended.

Please note that TLS 1.3 support is not enabled by default yet to prevent interoperability issues with legacy third-party servers. To enable it, use SslAllowedVersions setting, as described in our TLS 1.3 support announcement.

Detailed list of changes:

  • All: Added support for .NET Core 3.1.
  • All: Added support for Mono 6.x.
  • Networking: Added missing 'buffer' argument check to some Send/Receive methods in ProxySocket/TlsSocket.
  • Networking: Fixed unhandled ObjectDisposedException or misleading SocketException when ProxySocket.Connect aborted due to timeout.
  • SSH: Added a workaround for a bug introduced in OpenSSH 8.0 that rejects 'sender channel' numbers in the upper half of uint32 range.
  • SSH: Added SshEncryptionMode.AEAD (to replace SshEncryptionMode.GCM).
  • SSH: Added support for ChaCha20-Poly1305 AEAD cipher ('') to SSH client.
  • TLS Core: Added support for RSASSA-PSS signatures in TLS 1.2 when TLS 1.3 has been enabled.
  • TLS Core: Avoid unwanted truncation of outgoing TLS 1.3 messages when TlsSocket is disposed.
  • TLS Core: Enhanced error message when no suitable curve is available.
  • TLS Core: Fixed compatibility issue with Xamarin's "Sdk Assemblies Only" option.
  • TLS Core: Fixed exception type to TlsException for TLS 1.3 errors.
  • TLS Core: Fixed handling of TLS 1.3 PSK-KE.
  • TLS Core: Fixed check of signature algorithm in TLS 1.3 CertificateVerify.
  • TLS Core: Fixed occasional failure when negotiating TLS 1.2 or lower when TLS 1.3 is allowed.
  • TLS Core: Fixed order of supported signature schemes in TLS 1.3 ClientHello message.
  • TLS Core: Fixed parsing of fragmented TLS 1.3 handshake messages.
  • TLS Core: Fixed parsing of the TLS 1.3 KeyShare extension.
  • TLS Core: Fixed potential NullReferenceException when TLS 1.3 negotiation has been interrupted unexpectedly.
  • TLS Core: Fixed selection of signature algorithm used in CertificateVerify handshake messages.
  • TLS Core: Not announcing support for X.509 certificates with Ed25519 or RSASSA-PSS public key OID (not supported yet).
  • TLS Core: Optimizations in TLS 1.3 internals.
  • Cryptography: Added workaround for bad RSA/PSS signature algorithm identifiers with missing parameters.
  • Cryptography: Enabled workaround for private key loading from Mono key store in .NET Standard edition on Mono.
  • Cryptography: Enhanced 'Invalid key format' error message when loading a private key.
  • Cryptography: Fixed serial number handling in CertificateIssuer to conform to RFC 5280 constraints.
  • Common: Binaries for .NET Standard 1.5 now use System.Collections.NonGeneric instead of custom implementations.
  • Common: Enabled Xamarin.Android workarounds in .NET Standard 2.0 edition.
  • Common: Improved ISafeSerializationData support detection.

2019 R4 #

(build 7244 from 2019-10-31)

Support for TLS 1.3

WebSocketClient class features support for WebSocket over TLS 1.3.

Detailed list of changes:

  • TLS Core: Added support for ALPN TLS extension to TlsSocket.
  • TLS Core: Added TlsBulkCipherMode.AEAD (to replace TlsBulkCipherMode.GCM).
  • TLS Core: Removed support for two legacy unsecure anonymous ciphers (DH_anon_EXPORT_WITH_DES40_CBC_SHA and DH_anon_EXPORT_WITH_RC4_40_MD5).
  • Cryptography: Added PkcsBase.LoadSignedOrEnvelopedData method (a replacement for deprecated PkcsBase.Load).
  • WebSocket: Added support for TLS 1.3.
  • WebSocket: Optimized operation with KeepAliveInterval of 0.

2019 R3.2 #

(build 7206 from 2019-09-23)

.NET Core 3.0 support

This release introduces support for .NET Core 3.0 on the following platforms:

  • Windows (x64, x86, ARM32)
  • Windows 10 IoT (x64, x86, ARM32)
  • Linux (x64, ARM32)
  • macOS (x64)

Windows 10 IoT support

This release introduces support for .NET Core 3.0 on Windows 10 IoT on x64, x86 and ARM32 platforms.

Detailed list of changes:

  • All: Added support for .NET Core 3.0.
  • All: Added support for Windows 10 IoT (via .NET Core 3.0).
  • SSH: Added SshGssApiCredentials.AccountName property to make it possible to specify an account name to be passed to the SSH server.
  • SSH: Added workaround for legacy WS_FTP 7.x servers that encode long SSH packets improperly.
  • SSH: Fixed SshChannel.SendEof method not to send EOF when channel has already been closed.
  • Common: Optimized internal Task infrastructure on old .NET platforms.

2019 R3.1 #

(build 7161 from 2019-08-09)

Removed SSL 3.0 from TlsVersion.Any

TlsVersion.Any is no longer used by any Rebex component, but it might be used in custom applications. This could present a security issue because until now, TlsVersion.Any still used to contain TlsVersion.SSL30. SSL 3.0, a predecessor to TLS 1.0 protocol, has been published in 1996. It is comprehensively broken and should no longer be used. Application that still use it violate RFC 7568, which deprecated SSL 3.0 in 2015.

Serialization on Xamarin.Android and Xamarin.iOS platforms

Added support for classic .NET serialization ([Serializable] attributes and related infrastructure) on Xamarin.Android and Xamarin.iOS platforms.

Detailed list of changes:

  • All: Added support for serialization on Xamarin.Android and Xamarin.iOS platforms.
  • TLS Core: Modified TlsVersion.Any to only include TLS 1.0, 1.1 and 1.2.
  • Cryptography: Fixed handling of user-supplied RSACng in AsymmetricKeyAlgorithm and SshPrivateKey on modern platforms.

2019 R3 #

(build 7119 from 2019-06-28)

Support for .NET Standard 2.0 on Mono 5.14 and higher

Binaries of Rebex components targeting .NET Standard 2.0 are now also supported on Mono 5.14 and higher.

End of Standard Support for .NET Compact Framework 3.5 and 3.9

2019 R3 is the last release that includes support for .NET Compact Framework 3.5 and 3.9 in the standard package. Starting with 2019 R4, .NET CF 3.5/3.9 will only be supported with Legacy Editions, which will be available as separate products. See their release history.

Detailed list of changes:

  • All: Binaries targeting .NET Standard 2.0 are now supported on Mono 5.14 or higher.
  • SSH: Added SshPrivateKey.Generate(...) methods on .NET Compact Framework.
  • SSH: Added workaround for broken EtM ciphers in OpenSSH 6.6.
  • SSH: Enhanced GlobalScape SSH server detection.
  • SSH: Enlarged upper limit for non-standard DSA keys to 8192 bits on .NET Framework and .NET Core.
  • TLS Core: Added TlsCipherSuite.Fast enum value.
  • TLS Core: Fixed a bug in server-side mode of TlsSocket that caused client certificate authentication to fail.
  • TLS Core: Internal changes in the TLS layer (in preparation for the upcoming TLS 1.3 support on mainstream platforms).
  • Cryptography: Added Certificate.GetPrivateKeyInfo() method.
  • Cryptography: Added CertificateEngine.LocalMachine engine and CertificateEngine.Bind method.
  • Cryptography: Added support for SHA-224 hash algorithm.
  • Cryptography: Added support for X25519 key format (RFC 8410).
  • Cryptography: Always using AES by default to encrypt PKCS #8 private keys.
  • Cryptography: Meaningful error message for the CNG AEAD auth tag mismatch.
  • Common: Optimized asynchronous continuations on modern platforms.
  • Common: Upgraded Task infrastructure in Xamarin.Android binaries.

2019 R2 #

(build 7077 from 2019-05-17)

Support for Visual Studio 2019

All Rebex components are now fully supported in Microsoft Visual Studio 2019.

Support for .NET Framework 4.8

.NET Framework 4.8 is a fully supported platform.

Native elliptic curve cryptography on Linux with .NET Core 2.1 or higher

On Linux, binaries for .NET Standard 2.0 now utilize OpenSSL elliptic curve routines via .NET Core 2.1 (or higher), making it possible to use ECDH and ECDSA ciphers in TLS/SSL and SFTP/SSH with no need of external plugins.

Detailed list of changes:

  • All: Added support for .NET Framework 4.8 and Visual Studio 2019.
  • All: Removed leftover Trace.Write logging.
  • SSH: Added dummy support for SSH_MSG_EXT_INFO (RFC 8308).
  • Cryptography: Added CertificationRequest.Save method.
  • Cryptography: Added support for ECDSA and ECDH on .NET Core 2.1/.2.2 on Linux (no need for external plugins).
  • Cryptography: Added workaround for broken export of RSA keys from the CNG providers on Windows 7.
  • Cryptography: Added workaround for CRLs with redundant trailing data to CertificateRevocationList.
  • Cryptography: Added workaround for legacy versions of Mono with lack of SHA-2 support.
  • Common: Asynchronous infrastructure improvements.

2019 R1 #

(build 7027 from 2019-03-28)

New component: Rebex WebSocket

Rebex WebSocket is a multiplatform WebSocket client library that supports TLS 1.2/1.1/1.0, SHA-2, Server Name Identification (SNI), Renegotiation Indication Extension, Forward Secrecy, ZLIB. These features are available on all supported platforms: .NET Framework, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

The new library is available as a standalone package or as a part of Rebex Total Pack.

Detailed list of changes:

  • All: Added binaries targeting .NET Framework 3.5 SP1.
  • All: Added binaries targeting .NET Framework 4.6 and higher.
  • All: Added binaries targeting .NET Standard 2.0.
  • All: Removed long-deprecated API. Deprecated legacy API.
  • ProxySocket: Fixed passing of state to the callback method in BeginConnect.
  • SSH: Changed behavior of SshFingerprint.ToString() and .ToArray() to use SHA-256.
  • SSH: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • SSH: RSA host keys are preferred to DSA host keys.
  • SSH: SHA-512 is only used during SSH client authentication when the RSA key length allows it.
  • SSH: SshParameters.MinimumRsaKeySize now applies to client RSA keys as well.
  • SSH: Using standard form of Diffie-Hellman group exchange with GlobalScape servers.
  • TLS Core: Fixed passing of state to the callback method in BeginConnect.
  • TLS Core: Improved performance of AES/GCM ciphers on .NET Compact Framework and non-Windows platforms.
  • Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.DeriveKeyMaterial method.
  • Cryptography: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
  • Cryptography: Fixed handling of shared secred padding in AsymmetricKeyAlgorithm.GetKeyMaterialDeriver.
  • Cryptography: Fixed possible NullReferenceException in CertificationRequest.GetAlternativeHostnames method.
  • Common: Fixed Certificate.Associate with permanent bind on .NET Compact Framework to ensure the key is not garbage-collected.
  • Common: LocalItem constructor no longer fails on items with invalid paths.
  • WebSocket: Initial release.