Tectia Server/Client 6.4.16 release fixes several bugs and adds new features such as SHA2 interoperability with 3rd party secure shell implementations. Also it is now possible to disable zlib compression on the server-side and Windows Tectia Server is no longer limited in features when LSA protection mode is enabled on hardened Windows Server.
Details of the new supported features:
- All platforms: Added support for following key exchange algorithm
names defined in RFC 8268: diffie-hellman-group14-sha256,
diffie-hellman-group16-sha512, diffie-hellman-group18-sha512.
Tectia Server
Additionally, the following bugs have been addressed in Tectia Server/Client:
-
Windows: Fixed %U and %username% pattern strings that can be used in server
configuration. The pattern strings now expand as documented. When upgrading
from 6.4.x, please check and edit your configuration accordingly as this
change may cause publickey authentication to fail.
%U is expanded to domain.username
%username% is expanded to domain\username
-
All platforms: Changed key exchange algorithm defaults so that
algorithms using SHA-2 are preferred over SHA-1.
-
Windows: SSH Tectia Server directory no longer inherits permissions by
default. This addresses issue on Windows Server 2016 when Tectia Server
failed to start after configuration file was copied manually to the directory.
-
All platforms: Modified openssh2 format public key decoding.
Decoding is now able to handle options field.
-
Windows: Fixed hostkey generation issue when using Tectia Server
Configuration GUI.
-
All platforms: Server sends now response to SSH_FX_EXT_FILE_STREAM_WAIT
also if the transfer in streaming mode was not completed on the client-side.
Addresses potential hang of sftpg3 client when for example local write fails
with "No space left on device".
-
Windows and Linux: Fixed HMAC display name in UI. HMAC-SHA256 is displayed
as Tectia/Old instead of HMAC-SHA256-2.
-
All platforms: Modified openssh2 format public key decoding.
Decoding is now able to handle options field.
-
All platforms: Fixed sftpg3 'kexs' and 'hostkey-algorithms'
command line options.
-
All platforms: Modified 'ssh-broker-ctl stop' to stop
also older broker versions.
For further information about the products and changes between the different versions, and instructions on how to update the products, see the customer documentation and release notes at the SSH product documentation site.
