
Tectia Client / Server / Connect Secure 6.2.0 was released on May 02, 2011.

What is new in this release?

asked Jun 20 '11 at 14:25

SSH KB ♦

edited Jun 20 '11 at 14:45

Roman ♦♦


The main purpose of the Tectia Client/Server/ConnectSecure 6.2 release is to add support for the SHA-2 family of cryptographic algorithms.

The key new features in release 6.2 are:

  • SHA-2 support
  • OpenSSL crypto library used in FIPS mode
  • Stability improvements of Tectia Client and Server
  • New supported OS: RHEL 6
  • Tectia name change

These features are described in more detail below.

SHA-2

Support for SHA-2 has been added to the Secure Shell protocol. This affects key-exchange algorithms (KEX), MACs, and digital signatures used in public-key authentication, including host keys and X.509 certificates. SHA-2 refers to the family of hash functions (SHA-224, SHA-256, SHA-384, SHA-512) as defined in FIPS PUB 180-3.

As a result, the following new configuration options have been added in ssh-broker-config.xml:

 <kexs />
 <hostkey-algorithms />
 <auth-publickey signature-algorithms="" />

The following new configuration options have been added in ssh-server-config.xml:

 <settings signature-algorithms="" />
 <kex name=""/>
 <hostkey-algorithm name=""/>

In addition, related to the introduction of SHA-2, the following algorithms have been dropped from the default ciphers and MACs:

 seed-cbc@ssh.com
 hmac-md5
 hmac-md5-96 

For more information, see Tectia Client User Manual and Tectia Server Admin Manual.

OpenSSL Crypto Library

When run in FIPS 140-2 mode, Tectia Client and Server use the OpenSSL FIPS-certified crypto library for ciphers, MACs and key-exchange algorithms instead of the Tectia proprietary crypto library. Tectia crypto library is used when Tectia Client and Server are run in standard (non-FIPS) mode.

The OpenSSL FIPS-certified library is not used on IBM z/OS or IBM Linux on IBM System z. For more information about the use of OpenSSL FIPS crypto library, see Tectia Client/Server Product Description.

Stability Improvements

The stability of Tectia Client and Server has been improved through various code changes, most of them "under the hood". The most visible of these changes are:

Improvements in Client and ConnectSecure

Added functionality to ssh-broker-ctl that helps in troubleshooting and controlling of Tectia Client.

The Connection Broker startup procedure was simplified and unified resulting in improved stability.

Graphical status monitoring tool (ssh-broker-gui) was separated from the main Connection Broker process, resulting in improved stability.

For more information, see Tectia Client User Manual.

Improvements in Server

ssh-server-ctl replaces ssh-server-config-tool.

ssh-server-config-tool binary still exists, but it is a direct copy from ssh-server-ctl (the tool modifies its behavior slightly when executed with the different name).

New troubleshooting commands in ssh-server-ctl:

  • Ability to start and stop particular servants
  • Status monitoring
  • Configuration reloading

For more information, see Tectia Server Administration Manual.

On Unix, a new configuration option <servant-lifetime total-connections="NUM" /> allows limiting the number of connections each servant process will handle.

For more information, see Tectia Server Administrator Manual.

Changes in OS Support and Third-Party Component Support

Added support for:

  • Red Hat Enterprise Linux 6.0 (x86, x86-64)

Dropped support for:

  • Entrust Authority Security Manager in AIX.
  • IBM z/OS 1.9

Tectia no longer distributes the package ssh-tectia-client-ft-only.

Tectia Name Change

SSH Communications Security Corp. changed its name to Tectia Corporation in April 2010. Starting from release 6.2.0, the product names have also been changed from "SSH Tectia" to "Tectia". The change should not affect any functionality. Binary names have not changed, but the installed product name and the version string have changed.

answered Jun 20 '11 at 14:28

SSH KB ♦
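
An upgrade check for the SHA-2 section of the answer above, as an added example that is not part of the original answer or of the Tectia documentation: it scans a server configuration for explicitly configured algorithms that 6.2 dropped from the defaults, and lists the new 6.2 options that are set. The sample file is constructed, and its root element, nesting and the `<cipher>`/`<mac>` element names are assumptions; the scan itself matches any element with a `name` attribute.

```python
import xml.etree.ElementTree as ET

# Algorithms the 6.2 release notes list as dropped from the default ciphers and MACs.
DROPPED_FROM_DEFAULTS = {"seed-cbc@ssh.com", "hmac-md5", "hmac-md5-96"}
# Server-side elements the release notes list as new in 6.2.
NEW_ELEMENTS = ("kex", "hostkey-algorithm")

# Constructed sample. Root element, nesting and <cipher>/<mac> are assumptions;
# only <settings>, <kex> and <hostkey-algorithm> appear in the release notes.
SAMPLE_CONFIG = """\
<secsh-server>
  <settings signature-algorithms="" />
  <connections>
    <connection>
      <cipher name="aes128-cbc"/>
      <cipher name="seed-cbc@ssh.com"/>
      <mac name="hmac-md5"/>
      <mac name="hmac-sha1"/>
      <kex name="diffie-hellman-group14-sha1"/>
    </connection>
  </connections>
</secsh-server>
"""

def audit(xml_text):
    """Return dropped algorithms still pinned in the config and the 6.2 options set."""
    root = ET.fromstring(xml_text)
    pinned = []  # (element tag, algorithm name), in document order
    for elem in root.iter():
        name = (elem.get("name") or "").strip().lower()
        if name in DROPPED_FROM_DEFAULTS:
            pinned.append((elem.tag, name))
    # Names explicitly configured through the options added in 6.2.
    explicit = {tag: [e.get("name", "") for e in root.iter(tag)]
                for tag in NEW_ELEMENTS}
    settings = next(root.iter("settings"), None)
    sig = settings.get("signature-algorithms") if settings is not None else None
    return {"pinned_dropped": pinned, "explicit": explicit,
            "signature_algorithms": sig}

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for tag, name in report["pinned_dropped"]:
        print(f"explicitly configured, no longer a default: <{tag} name=\"{name}\"/>")
    for tag, names in report["explicit"].items():
        print(f"<{tag}> entries: {names or 'none (defaults apply)'}")
    print("signature-algorithms:", repr(report["signature_algorithms"]))
```
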
All user contributed content licensed under the cc-by-sa license.