Announcing Rebex 2019 R4 Preview 2 with TLS 1.3 support

Today, we are releasing Preview 2 of Rebex Total Pack 2019 R4 release with TLS 1.3 support on a wide range of .NET platforms and operating systems.

It adds TLS 1.3 support to Rebex HTTPS, WebSocket, FTP, IMAP, POP3, SMTP, EWS and Telnet components. We have made substantial improvements since Preview 1 and if all goes well, Preview 2 is going to be the last preview version, with final R4 release coming next month. To give Preview 2 a try:

  1. Download Rebex Total Pack 2019 R4 Preview 2.
  2. Reference the assemblies you need from your application.
  3. Set your Rebex NuGet license key.
  4. Enable TLS 1.3 via [client].Settings.SslAllowedVersion.

If you find any issues, please let us know as soon as possible so we can fix them ahead of R4 release.

Platforms

Preview 2 supports TLS 1.3 on the following platforms:

  • .NET Core 3.0 on Windows, Windows IoT, Linux and macOS
  • .NET Core 2.1/2.2 on Windows, Linux and macOS
  • .NET Core 1.0/1.1 on Windows 7 SP1 or higher
  • .NET Framework 4.5-4.8 on Windows 7 SP1 or higher
  • .NET Framework 2.0/3.5/4.0 on Windows XP SP3 or higher (needs a plugin on Windows XP SP3)
  • Mono 4.0 or higher (needs a plugin)
  • Xamarin.Android 8 or higher (needs a plugin)
  • Xamarin.iOS 10.3 or higher (needs a plugin)

Features

TLS 1.3 is a major overhaul of TLS 1.2, so we used this opportunity to develop a modern fully asynchronous and full-duplex managed C# implementation that is going to last for many years. As of Preview 2, we have implemented all mandatory TLS 1.3 cipher suites and extensions and many of the optional ones as well:

  • PSK resumption (all modes) (pre_shared_key extension)
  • HelloRetryRequest support
  • key_share extension
  • Middlebox Compatibility Mode support
  • Server Name Indication (server_name extension)
  • Cookies (cookie extension)
  • TLS_AES_128_GCM_SHA256 cipher suite
  • TLS_AES_256_GCM_SHA384 cipher suite
  • secp256r1 (NIST P-256) key exchange
  • secp384r1 (NIST P-384) key exchange
  • secp521r1 (NIST P-521) key exchange
  • X25519 key exchange (needs a plugin)
  • rsa_pkcs1_sha256 signature scheme
  • rsa_pkcs1_sha384 signature scheme
  • rsa_pkcs1_sha512 signature scheme
  • rsa_pss_rsae_sha256 signature scheme
  • rsa_pss_rsae_sha384 signature scheme
  • rsa_pss_rsae_sha512 signature scheme
  • ecdsa_secp256r1_sha256 signature scheme
  • ecdsa_secp384r1_sha384 signature scheme
  • ecdsa_secp521r1_sha512 signature scheme
  • rsa_pkcs1_sha1 legacy signature scheme
  • ecdsa_sha1 legacy signature scheme

Example code

For Rebex HTTPS, use the following code:

// Replace the key with your Rebex NuGet key.
// More info: https://www.rebex.net/kb/license-keys/        
Rebex.Licensing.Key = "==AOIojyDM+DZjQGV7F85lcauiygcmkEiz4dVIjXDTka2w==";

// Enable TLS 1.3 via TLS/SSL settings.
var client = new Rebex.Net.WebClient();
client.Settings.SslAllowedVersions |= TlsVersion.TLS13;
client.DownloadString("https://example.org/");

In other Rebex components, TLS 1.3 can be enabled in a similar way via Settings.SslAllowedVersions featured by classes such as Ftp, Imap, and so on.

More features coming soon

We are now concentrating on releasing version R4 in October. Once we are done, we'll start adding more features:

  • Tweakable settings (feature set is currently hardcoded)
  • Finite Field Groups (DHE) key exchange (available upon request)
  • TLS_CHACHA20_POLY1305_SHA256 cipher suite (in progress)
  • KeyUpdate support (experimental support)
  • PostHandshake-Auth support (experimental support)
  • TLS Socket API (available upon request)
  • TLS Socket API (sync/async) with Scatter-Gather IO support (planned for 2020)
  • Server-side TLS 1.3 (planned for 2020)