Tectia SSH Client, SSH Server and ConnectSecure 6.4.15 were released on June 21, 2017. What's new in these releases?

asked Sep 20 at 09:18

SSH KB ♦


Tectia Client and Server 6.4.15 releases support the following new features:

  • Tectia Server: Trusted Mode OCSP responder configuration so that the certificate revocation status check can be delegated to a different PKI, for example an internal replication service, in order to avoid downloading large CRLs. Implements RFC 5019 and RFC 6960.
  • Tectia Server: Audit messages related to certificate validation indicate whether OCSP or CRLs were used during the validation process.
  • Windows: Added support for using the environment variable DISPLAY to overwrite the default X11 display setting.

Additionally, the following bugs have been addressed:

Tectia Server

  • All platforms: Fixed a memory leak on Private Key storage function during server reconfiguration.

  • All platforms: Fixed a race condition on X.509 certificate validation code causing rare server side crashes when client authentication using certificates was enabled.

  • Certificate validator configuration parameters were adjusted upwards to allow use of large revocation lists up to 50 MB in size.

  • Linux: Use library call getgrouplist(3) to retrieve user group membership information instead of calling getgrent(3) to avoid delays when using network user directories, like LDAP Active Directory or NIS.

  • All platforms: TCP socket listener backlog parameter increased.

  • All platforms: Fixed a bug where the certificate/CRL cache could not be loaded if it contained large CRLs.

  • All platforms: CRL autoupdate checks for expiration of the CRLs soon after they have been loaded from the local disk cache file.

  • All platforms: CRL prefetch is performed once soon after the server has been started, instead of waiting for the given interval to expire.

  • All platforms: Fixed an error that could cause CRL prefetch to crash the server.

  • All platforms: Fixed an error where valid CRLs were dropped from the local cache without a good reason.

  • All platforms: Fixed a bug that caused OCSP responses to be rejected when the responses did not contain a responseNonce (e.g. were pre-produced) and the response thisUpdate and producedAt timestamps were not within the expected interval.

Tectia Client

  • Fixed a race condition on X.509 certificate validation code causing rare server side crashes when client authentication using certificates was enabled.

  • Certificate validator configuration parameters were adjusted upwards to allow use of large revocation lists up to 50 MB in size.

  • All platforms: TCP socket listener backlog parameter increased to facilitate a higher port forwarding rate.

  • All platforms: Fixed an error where valid CRLs were dropped from the local cache without a good reason.

  • All platforms: Fixed a bug that caused OCSP responses to be rejected when the responses did not contain a responseNonce (e.g. were pre-produced) and the response thisUpdate and producedAt timestamps were not within the expected interval.

For further information about the products and changes between the different versions, and instructions on how to update the products, see the customer documentation and release notes at the SSH product documentation site.

answered Sep 20 at 09:21

SSH KB ♦
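
The nonce-less OCSP case from the fix list above, shown as an added example that is not SSH's code and not part of the original answer: a time-based freshness check in the style of RFC 5019 and RFC 6960, where a pre-produced response without a responseNonce is judged on thisUpdate, nextUpdate and producedAt instead of being rejected. The names `OcspTimes` and `check_freshness` and the skew and maximum-age values are assumptions, and the sample responses in the test are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple


@dataclass
class OcspTimes:
    """Freshness-relevant fields of an already signature-verified OCSP response."""
    produced_at: datetime             # when the responder signed the response
    this_update: datetime             # status known to be correct as of this time
    next_update: Optional[datetime]   # newer status available at or before this time
    nonce: Optional[bytes]            # responseNonce extension, None if absent


def check_freshness(resp: OcspTimes, now: datetime,
                    sent_nonce: Optional[bytes] = None,
                    skew: timedelta = timedelta(minutes=5),      # assumed tolerance
                    max_age: timedelta = timedelta(days=7)       # assumed policy
                    ) -> Tuple[bool, str]:
    """Decide whether a response is fresh enough to trust.

    A missing nonce is not a failure by itself: pre-produced responses
    cannot echo a nonce, so the decision falls back to the timestamps.
    """
    # A nonce that is present must match the one sent in the request.
    if resp.nonce is not None and resp.nonce != sent_nonce:
        return False, "nonce mismatch"

    # Timestamps later than local time (beyond clock skew) are unreliable.
    if resp.this_update > now + skew:
        return False, "thisUpdate in future"
    if resp.produced_at > now + skew:
        return False, "producedAt in future"

    # producedAt may lie well in the past for pre-produced responses; what
    # bounds their lifetime is nextUpdate, or a local maximum age without it.
    if resp.next_update is not None:
        if resp.next_update < now - skew:
            return False, "expired"
    elif now - resp.this_update > max_age:
        return False, "too old"

    return True, "fresh (nonce)" if resp.nonce is not None else "fresh (time window)"
```
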

Asked: Sep 20 at 09:18

Seen: 283 times

Last updated: Sep 20 at 09:21

All user contributed content licensed under the cc-by-sa license.