What's new in Tectia Client/Server 6.4.16?

Tectia Server/Client 6.4.16 release fixes several bugs and adds new features such as SHA2 interoperability with 3rd party secure shell implementations. Also it is now possible to disable zlib compression on the server-side and Windows Tectia Server is no longer limited in features when LSA protection mode is enabled on hardened Windows Server.

Details of the new supported features:

• All platforms: Added support for following key exchange algorithm names defined in RFC 8268: diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512.

Tectia Server

• All platforms: Added configuration option to disable compression support.

• Windows: Added support for additional Local Security Authority (LSA) process protection.

Additionally, the following bugs have been addressed in Tectia Server/Client:

• Windows: Fixed %U and %username% pattern strings that can be used in server configuration. The pattern strings now expand as documented. When upgrading from 6.4.x, please check and edit your configuration accordingly as this change may cause publickey authentication to fail. %U is expanded to domain.username %username% is expanded to domain\username

• All platforms: Changed key exchange algorithm defaults so that algorithms using SHA-2 are preferred over SHA-1.

• Windows: SSH Tectia Server directory no longer inherits permissions by default. This addresses issue on Windows Server 2016 when Tectia Server failed to start after configuration file was copied manually to the directory.

• All platforms: Modified openssh2 format public key decoding. Decoding is now able to handle options field.

• Windows: Fixed hostkey generation issue when using Tectia Server Configuration GUI.

• All platforms: Server sends now response to SSH_FX_EXT_FILE_STREAM_WAIT also if the transfer in streaming mode was not completed on the client-side. Addresses potential hang of sftpg3 client when for example local write fails with "No space left on device".

• Windows and Linux: Fixed HMAC display name in UI. HMAC-SHA256 is displayed as Tectia/Old instead of HMAC-SHA256-2.

• All platforms: Modified openssh2 format public key decoding. Decoding is now able to handle options field.

• All platforms: Fixed sftpg3 'kexs' and 'hostkey-algorithms' command line options.

• All platforms: Modified 'ssh-broker-ctl stop' to stop also older broker versions.

For further information about the products and changes between the different versions, and instructions on how to update the products, see the customer documentation and release notes at the SSH product documentation site.