Rebex .NET components 2017 R2: Elliptic Curve DSA in TLS/SSL

  |   Lukas Pokorny

Elliptic Curve Cryptography is an attractive alternative to classic public-key cryptography. We already added support for Elliptic Curve Diffie-Hellman (ECDH) in TLS/SSL, and the latest release adds support for X509 certificates with Elliptic Curve DSA (ECDSA) keys as well. And this is not the only enhancement. SHA-1 is considered weak, which means that enhanced SHA-2 support in SSH might be useful.

ECDSA certificate support in TLS/SSL

In addition to TLS_ECDHA_RSA_* cipher suites, Rebex FTP/SSL, HTTPS, Secure Mail and Telnet can connect to servers using ECDSA certificates using one of the TLS_ECDHA_ECDSA_* cipher suites:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

SSH client authentication using RSA with SHA-2

Rebex SFTP, Rebex SSH Shell (part of Terminal Emulation) and Rebex File Server now support client public/private key authentication based on RSA with SHA-2 using the following ciphers:

  • rsa-sha2-256
  • rsa-sha2-256
  • ssh-rsa-sha256@ssh.com

Experimental support for Universal Windows Platform in Secure Mail and HTTPS

This release extends the experimental support for Universal Windows Platform (Windows 10, Windows 10 Mobile, Windows 10 IoT) to Rebex HTTPS and Rebex Secure Mail. This makes all Total Pack components usable on the UWP (UAP) platform.

Minor ISocket API changes

We moved legacy parts of ISocket interface into the new ISocketExt interface. We will not be making additional changes to the ISocket interface. In future, it will be made obsolete by a new asynchronous API.

And more...

For a complete list of changes in 2017 R2, see the release history.