Rebex .NET components 2017 R2: Elliptic Curve DSA in TLS/SSL
Elliptic Curve Cryptography is an attractive alternative to classic public-key cryptography. We already added support for Elliptic Curve Diffie-Hellman (ECDH) in TLS/SSL, and the latest release adds support for X509 certificates with Elliptic Curve DSA (ECDSA) keys as well. And this is not the only enhancement. SHA-1 is considered weak, which means that enhanced SHA-2 support in SSH might be useful.
ECDSA certificate support in TLS/SSL
In addition to TLS_ECDHA_RSA_*
cipher suites, Rebex FTP/SSL, HTTPS, Secure Mail and Telnet can connect to servers using ECDSA certificates using one of the TLS_ECDHA_ECDSA_*
cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
SSH client authentication using RSA with SHA-2
Rebex SFTP, Rebex SSH Shell (part of Terminal Emulation) and Rebex File Server now support client public/private key authentication based on RSA with SHA-2 using the following ciphers:
rsa-sha2-256
rsa-sha2-256
ssh-rsa-sha256@ssh.com
Experimental support for Universal Windows Platform in Secure Mail and HTTPS
This release extends the experimental support for Universal Windows Platform (Windows 10, Windows 10 Mobile, Windows 10 IoT) to Rebex HTTPS and Rebex Secure Mail. This makes all Total Pack components usable on the UWP (UAP) platform.
Minor ISocket API changes
We moved legacy parts of ISocket
interface into the new ISocketExt
interface. We will not be making additional changes to the ISocket
interface. In future, it will be made obsolete by a new asynchronous API.
And more...
For a complete list of changes in 2017 R2, see the release history.