Tectia SSH Client, Server and ConnectSecure were released on April 10. What's new in these releases?

asked Apr 10 '15 at 23:18

SSH doc ♦♦

The 6.4.10 releases contain the following new features:

  • Support for Elliptic Curve Diffie-Hellman (ECDH) for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for keys, host keys and X.509 certificates
  • Improved performance when logging in to Tectia SSH Server on Windows in a domain

All released products also include bug fixes and minor features.

The following includes a summary of the release notes for each product.

Tectia Client / ConnectSecure

New Features:

  • Windows, Linux, Solaris, HP-UX(IA-64): Upgraded the OpenSSL cryptographic library used in FIPS mode to version 1.0.2a. HP-UX (PA-RISC) and IBM AIX will continue to use the OpenSSL cryptographic library version 0.9.8.

  • Windows: Added support for configuring signature algorithms in Tectia Connections Configuration GUI.

  • All Platforms: Added support for Elliptic Curve Diffie-Hellman (ECDH) for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for keys, host keys and X.509 certificates. The curves used are NISTP256, NISTP384 and NISTP521.

  • All Platforms: Entrust certificates are no longer supported.

Bug Fixes:

  • All Platforms: Documented the SSH_SFTP_CHECKSUM_MODE environment variable.

  • All Platforms: Documented the following deprecated elements and attributes of the Tectia SSH Server and/or Client configuration files: strict-host-key-checking, host-key-always-ask, accept-unknown-host-keys, transport-distribution, authentication-method, signature-algorithms (from the settings element).

  • All Platforms: Fixed a potential crash in the Connection Broker that occurred when handling a connection that was waiting for the passphrase, and the SSH server that the Connection Broker was connecting to shut down.

  • All Platforms: Removed the transport distribution element from the Tectia Connections Configuration GUI, as the feature is no longer supported.

  • Windows: Fixed a problem in the Tectia Connections Configuration GUI that was preventing moving a connection profile from a folder to another folder.

  • Windows, Linux, Solaris and HP-UX Itanium: On platforms where the OpenSSL cryptographic library version 1.0.2a is used, ssh-keygen-g3 in FIPS mode (--fips-mode) can now be used to generate RSA keys of length n*512, where 2=<n=<24 (that is 1024, 1536, 2024, ... , 11776 and 12288 bits).

  • All Platforms: ssh-broker-g3 will no longer crash if it fails to read its configuration file because of faulty permissions.

  • Windows: ssh-broker-ctl debug --log-file will always append the messages to the log file (the same as with the --append option). This change does not affect other platforms.

  • All Platforms: ssh-broker-ctl will no longer busyloop when using add-crl or add-certificate command without specifying a file name.

  • Documentation: Generic improvements.

  • ConnectSecure only - Linux: The transparent TCP tunneling filter rule is no longer disabled in the Tectia Connections Configuration GUI on Linux.

Known issues:

  • All Platforms: Agent Forwarding using ECDSA keys is not yet supported for connections that are started with an OpenSSH client.

Tectia Server

New Features:

  • Windows, Linux, Solaris, HP-UX(IA-64): Upgraded the OpenSSL cryptographic library used in FIPS mode to version 1.0.2a. HP-UX (PA-RISC) and IBM AIX will continue to use the OpenSSL cryptographic library version 0.9.8.

  • Unix: Added a configuration element in Tectia SSH Server that allows the administrator to create rules about the changing of expired passwords.

  • All Platforms: Added support for Elliptic Curve Diffie-Hellman (ECDH) for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for keys, host keys and X.509 certificates. The curves used are NISTP256, NISTP384 and NISTP521.

  • All Platforms: Entrust certificates are no longer supported.

Bug Fixes:

  • Windows: Improved the performance when logging in to Tectia SSH Server in a domain. The time spent in retrieving information from the domain controller is now optimized.

  • Linux, Solaris: Users without an entry in /etc/passwd and /etc/shadow no longer fail to authorize to Tectia SSH Server when using an authentication method that does not require the presence of an entry in said files.

  • Linux: Fixed a problem in Tectia SSH Server that produced a hang of the terminal connection after authentication in Linux distributions with a glibc library newer than 2.18-16. NOTE: At the time of releasing this version, the currently supported RHEL and SUSE versions include an older version of glibc, meaning that they are not yet affected by this issue.

  • All Platforms: Fixed an issue in Tectia SSH Server that was causing some audit messages to not be logged during file transfer.

  • All Platforms: Tectia SSH Server no longer returns an "unknown error" when attempting to get a non-existing file from Tectia SSH Server with an OpenSSH-based SCP client.

  • All Platforms: Tectia SSH Server no longer sends its license ID in an SSH_MSG_IGNORE message, as there are third-party SSH servers that do not handle such a situation well.

  • All Platforms: Fixed a problem with the authorization file option "idle-timeout". When in use, it will no longer abort authentication when using public-key authentication for that specific key.

  • Windows, Linux, Solaris and HP-UX Itanium: On platforms where the OpenSSL cryptographic library version 1.0.2a is used, ssh-keygen-g3 in FIPS mode (--fips-mode) can now be used to generate RSA keys of length n*512, where 2=<n=<24 (that is 1024, 1536, 2024, ... , 11776 and 12288 bits).

  • Documentation: Clarified the documentation regarding the umask value that is used when a user logs in to Tectia SSH Server.

  • Documentation: Documented the following deprecated elements and attributes of the Tectia SSH Server and/or Client configuration files: strict-host-key-checking, host-key-always-ask, accept-unknown-host-keys, transport-distribution, authentication-method, signature-algorithms (from the settings element).

  • Documentation: Generic improvements.

Known issues:

  • All Platforms: Agent Forwarding using ECDSA keys is not yet supported for connections that are started with an OpenSSH client.

For further information about the products and changes between the different versions, and instructions on how to update the product, see the customer documentation and release notes at the SSH product documentation site.

answered Apr 10 '15 at 23:29

SSH KB ♦

Asked: Apr 10 '15 at 23:18

Last updated: Apr 10 '15 at 23:29

All user contributed content licensed under the cc-by-sa license.