Improves support for AES/GCM, Chacha20/Poly1305 and EtM MAC ciphers.
Features
- File Server: Added FileServerSettings.EnableEventsForFailedTransfers option.
- File Server: Added ServerSession.Cipher property to make it possible to determine SSH ciphers used by each session.
- File Server: Added support for AEAD encryption ciphers ('aes128-gcm@openssh.com', 'aes256-gcm@openssh.com' and 'chacha20-poly1305@openssh.com').
- File Server: Added support for encrypt-then-MAC ciphers ('hmac-sha2-256-etm@openssh.com' and 'hmac-sha2-512-etm@openssh.com').
- File Server: Enhanced handling of 'pty-req' and 'window-change' SSH channel requests - wrong values are rejected.
- File Server: Enhanced ShellModule class to make it possible to implement custom SSH subsystems.
- File Server: Virtual shell now treats the line-feed character as end-of-line indicator in addition to carriage-return character.
- SSH Shell: Added LocalEndPoint and RemoteEndPoint properties to SshTunnel class.
- Terminal: Improved TerminalControl.Bind method behavior to prevent needless locking.
- SSH: Added new properties to SshCipher to make it possible to determine IDs of active ciphers.
- SSH: Added workaround for a weakness in legacy CBC ciphers.
- TLS Core: Enhanced TlsSocket.Timeout property to apply to subsequent Send, SendAsync, Receive and ReceiveAsync methods even when TLS is already active.
- TLS Core: Improved and unified behavior of the TlsSocket Shutdown/ShutdownAsync methods when negotiation has not been started.
- TLS Core: Improved TLS exception reporting.
- TLS Core: Logging improvements.
- TLS Core: Optimizations in TLS 1.3 internals.
- TLS Core: Support for the TLS 1.3 record with empty application data payload and random padding.
- TLS Core: Unified TlsSocket.Cipher property behavior across TLS versions.
- TLS: Added TlsServerSocket class. Provides server-side TLS 1.3, 1.2, 1.1 and 1.0 support.
- Cryptography: Added ContentInfo.ToStream() method.
- Cryptography: Enhanced Certificate.LoadDerWithKey to support RSASSA-PSS and RSAES-OAEP for RSA keys.
- Cryptography: Improved AsymmetricKeyAlgorithm to support RSASSA-PSS and RSAES-OAEP with keys loaded via ImportKey method.
- Cryptography: Optimized Certificate and CertificteChain class to only consume native resources when needed.
- Cryptography: Optimized CNG handles cleanup.
Fixes
- File Server: Fixed client authentication using X.509 certificates.
- File Server: Fixed handling of unknown SSH packets.
- TLS Core: Fixed availability of TLS 1.3 session ticket when the receive side of the connection has already been closed.
- TLS Core: Fixed behavior of server-side DoNotCacheSessions option (which previously led to connection failures).
- TLS Core: Fixed some cases of missing AggregateException unwrapping.
- TLS: Fixed TlsClientSocket.EndConnect method.
- Cryptography: Fixed AsymmetricKeyAlgorithm.GenerateDiffieHellmanParameters slowness (only affected the previous release).