What's new in Tectia Client/Server/ConnectSecure and Server for IBM z/OS 6.4.6?

The 6.4.6 releases contain the following special features:

• Tectia Client and Server: support for Windows 2012 R2
• Tectia Server: "Load control", a connection flood DoS attack mitigation feature that uses a white list of IP addresses.

All released products also include bug fixes and minor features.

The following includes a summary of the release notes for each product.

Tectia Client

New Features:

• Windows: Added support for Windows Server 2012 R2 for Tectia Client and Server.

• Windows: Updated the certificate used for signing the Windows packages. Note that the new certificate uses SHA-2 to verify its signature. Microsoft XP with Service Pack 2 does not support SHA-2 and therefore cannot guarantee the integrity of the certificate (KB968730). For Microsoft Windows Server 2003 with Service Pack 2, to validate the certificate, apply the hotfix to KB968730.

Bug Fixes:

• All Platforms: Newline conversions in Tectia file transfer clients no longer fail to work when transferring files to a VShell Server (VanDyke).

• All Platforms: File transfers from Tectia Clients no longer crash when transferring files in ASCII mode to a VShell Server (VanDyke).
  

• All platforms: Fixed a potential memory corruption when transferring files recursively and using a configuration file to specify the file transfer advice strings.

• Windows: Fixed the display of certain incorrect error messages.

• Windows: GSSAPI authentication no longer fails in certain conditions when the security authentication package is too large.

• Windows: Users are now able to authenticate via GSSAPI when using the host name, the fully qualified domain name or an IP address to define the destination server.
  

• Windows: It is now possible to set GSSAPI ticket forwarding using the Tectia Connections Configuration GUI.

• Windows: Fixed a bug in sshg3 which caused occasional hangs when run on Windows 8.

Tectia Server

New Features:

• All platforms: Implemented "load control", a connection flood DoS attack mitigation feature that uses a white list of IP addresses. The feature attempts to keep Tectia Server up and running in the face of a Denial of Service attack that tries to use so much of the server's resources that normal service would be disrupted.

• Windows: Added support for Windows Server 2012 R2 for Tectia Client and Server.

• Windows: Updated the certificate used for signing the Windows packages. Note that the new certificate uses SHA-2 to verify its signature. Microsoft XP with Service Pack 2 does not support SHA-2 and therefore cannot guarantee the integrity of the certificate (KB968730). For Microsoft Windows Server 2003 with Service Pack 2, to validate the certificate, apply the hotfix to KB968730.

• Windows: Local tunneling constraints obtained via an external application can now be configured using the Tectia Server Configuration GUI.

Bug Fixes:

• All Platforms: Fixed a deadlock that occurred in Tectia Server under stress when using the Tectia Mapper Protocol.

• All platforms: Fixed a bug in Tectia Server that was causing the ssh-servant-g3 process to crash under stress.

• All Platforms: Improved Tectia Server's stability under stress.

• Unix: When configuring GSSAPI authentication, the dll-path parameter is no longer ignored.

• Windows: Improved error handling related to domain user authentication when there is a one-way trust relationship between the domain of the host and the domain of the user.

• Windows: Fixed the display of certain incorrect error messages.

• Windows: RSA SecurID authentication no longer fails when aceclnt.dll is specified in the Tectia Server configuration file, but not in the system's path.

• Windows: GSSAPI authentication no longer fails in certain conditions when the security authentication package is too large.

• Windows: Users are now able to authenticate via GSSAPI when using the host name, the fully qualified domain name or an IP address to define the destination server.
  

• Windows: Fixed a memory leak that occurred in Tectia Server under certain conditions when authenticating domain users.

• Windows: Fixed a bug in Tectia Server that was causing the ssh-servant-g3 process to crash when authenticating domain users.

• Documentation: Corrected the Tectia Server Registry Keys location on Windows.

Tectia ConnectSecure

New Features:

• Windows: Updated the certificate used for signing the Windows packages. Note that the new certificate uses SHA-2 to verify its signature. Microsoft XP with Service Pack 2 does not support SHA-2 and therefore cannot guarantee the integrity of the certificate (KB968730). For Microsoft Windows Server 2003 with Service Pack 2, to validate the certificate, apply the hotfix to KB968730.

Bug Fixes:

• All Platforms: Newline conversions in Tectia file transfer clients no longer fail to work when transferring files to a VShell Server (VanDyke).

• All Platforms: File transfers from Tectia Clients no longer crash when transferring files in ASCII mode to a VShell Server (VanDyke).
  

• All platforms: Fixed a potential memory corruption when transferring files recursively and using a configuration file to specify the file transfer advice strings.

• All Platforms: Fixed a memory leak that occurred in the ssh-ftp-proxy when showing the SFTP server banner message.

• Windows: Fixed the display of certain incorrect error messages.

• Windows: GSSAPI authentication no longer fails in certain conditions when the security authentication package is too large.

• Windows: Users are now able to authenticate via GSSAPI when using the host name, the fully qualified domain name or an IP address to define the destination server.

• Windows: It is now possible to set GSSAPI ticket forwarding using the Tectia Connections Configuration GUI.

• Windows: Fixed a bug in sshg3 which caused occasional hangs when run on Windows 8.

Tectia Server for IBM z/OS

New Features:

• z/OS: Added the new SFTP SITE command and advice string parameter "SPACE_RELEASE"(or RLSE when abbreviated). If SPACE_RELEASE is set to "yes" (default) when a new data set is allocated, unused disk space will be released. Otherwise the allocated space of a data set is retained.

Bug Fixes:

• All Platforms: Newline conversions in Tectia file transfer clients no longer fail to work when transferring files to a VShell Server (VanDyke).

• All Platforms: File transfers from Tectia Clients no longer crash when transferring files in ASCII mode to a VShell Server (VanDyke).
  

• All platforms: Fixed a potential memory corruption when transferring files recursively and using a configuration file to specify the file transfer advice strings.

• All Platforms: Fixed a memory leak that occurred in the ssh-ftp-proxy when showing the SFTP server banner message.

• z/OS: S378 abends should no longer happen when using FILETYPE=JES directory functions.
  

• z/OS: Using a file transfer profile via file transfer advice strings with the OpenSSH client no longer fails to work.

• z/OS: The execution of the commands "digest" or "ldigest" from sftpg3 on the server side no longer fails in some cases.

• z/OS: Listing PDSEs with sftpg3 no longer shows space as 0. It now reports the estimated size based on the number of allocated tracks of the PDSE.

• z/OS: Fixed the issue with file transfer advice strings where data set allocation was done dynamically even when the VOLUMES attribute was specified, except for when the UNIT attribute was configured.

• z/OS: Fixed the upgrade script, so that it will no longer create a new host key for the server.

• z/OS: Simplified the license location requirement for Tectia Server for z/OS. From now on, the licenses must be installed by copying the license files to /opt/tectia/etc/licenses/ and making sure they are readable.

• z/OS: Removed the no longer used ICU libraries from the packages.

• Documentation: Improved the instructions for installing licenses in the z/OS documentation.

For further information about the products and changes between the different versions, and instructions on how to update the product, see the customer documentation and release notes at SSH product documentation web page.