Release Notes for Tectia Client 6.6.0 --------------------------------------------- 6 June 2022 Copyright (C) 2022 SSH Communications Security Corporation This software is protected by international copyright laws. All Rights Reserved. Table of Contents 1. About This Release 2. Important Changes 3. New Features 4. Bug Fixes 5. Known Issues 6. Further Information 1. About This Release ----------------------- The 6.6 release of Tectia Client is declared Feature Release, and it is supported for 3 years from the release date of 6.6.0. The latest support end dates for Tectia Client/Server are available at: https://www.ssh.com/products/support/end-of-support This release is based on Tectia Server 6.5.2. Items addressed in this release are listed under the "6.6.0" section. The 6.6.0 release is available for Linux, AIX and Windows on x86-64 platforms. Special items for this release are: - Tectia Quantum Safe Edition with multiple PQC hybrid key exchange algorithms - Improvements to certificate validation We recommend uninstalling any SSH Secure Shell and SSH Tectia 4.x products, and on Windows also SSH Tectia 6.0.x or older, before installing SSH Tectia 6.6 products. For the installation instructions, refer to the Tectia Client User Manual. 2. Important Changes ---------------------- Important changes in 6.6.0 -------------------------- (TECT-193) Tectia Quantum Safe Edition license file enables Post Quantum Cryptography (PQC) algorithms SABER, CHRYSTALS/Kyber, FrodoKEM and Streamlined NTRU Prime that are used in a Hybrid Key Exchange together with a classical ECDH algorithm. Both the PQC and ECDH algorithm contribute to the key material resulting in a session key that is at least as hard to break as the strongest composite. The hybrid approach mitigates the risk of future attacks on recorded secure shell sessions if weaknesses are discovered in either algorithm. Note that the server-side, Tectia Server version 6.6 and above, Tectia SSH Server for z/OS version 6.6.12 or above, or OpenSSH version 9.0 or above, needs to also support and allow at least one of the PQC hybrid KEX algorithms or connections will use classical KEX algorithms by default. Note when upgrading from 6.5.1 with changed configurations or from 6.4.x, the Post Quantum Cryptography (PQC) algorithms require Tectia Quantum Safe Edition license and are not enabled unless explicitly configured. Please see the Tectia Client example file ssh-broker-config-example.xml (TECT-541) Due to vulnerabilities discovered in the SHA-1 hashing algorithm, SHA1 algorithms for signatures and key exchange have been removed from client defaults. These algorithms can still be enabled for legacy reasons for example in profile settings when connecting to a particular legacy server. For fallback configuration please see the Tectia Client example file ssh-broker-config-example.xml in the system-wide configuration directory. It is important to understand that SHA-1 algorithms are deprecated due to security issues and should not be enabled without a critical legacy dependency for them. Enabling SHA-1 algorithms is not recommended by us. * ssh-rsa (RSA/SHA1) is no longer included in public-key signature algorithms nor host key algorithms default values. We recommended using SHA2 variants (e.g. rsa-sha2-256, ssh-rsa-sha256@ssh.com) for existing RSA keys. * ssh-dss (DSA/SHA1) is no longer included in public-key signature algorithms nor host key algorithms. We recommend using SHA2 variants (e.g. ssh-dss-sha256@ssh.com) for existing DSA keys and creating additional RSA, ED25519, or ECDSA key(s) for better interoperability with third-party clients/servers. * diffie-hellman-group-exchange-sha1 (DH-GEX-SHA1) and diffie-hellman-group14-sha1 are no longer included in key exchange default values. We recommend using SHA2 variants (e.g. diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256). SHA2 variants @ssh.com algorithms have been supported in Tectia Client/Server since version 6.2.0 released in 2011. Standardized SHA2 variants since version 6.4.18. HMAC SHA1 algorithms still remain in client defaults. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions. CBC mode ciphers are no longer included in client defaults. Although there are no known vulnerabilities for current versions, there are better counter modes available such as GCM. CBC mode ciphers can still be manually enabled in the client configuration. This change was made to alleviate false positives in security audits. Our recommendation is to use CTR mode and GCM mode over CBC mode whenever possible and use CBC mode only when it is not possible to use the other two counter modes with ciphers. 3. New Features ----------------- The following new features have been implemented in Tectia Client: New Features in 6.6.0 --------------------- (TECT-193) - Added support for Post Quantum Cryptography (PQC) hybrid key exchange algorithms. Following PQC hybrid KEX algorithms are supported and enabled by default when Tectia Quantum Safe Edition license is installed: * ecdh-nistp521-firesaber-sha512@ssh.com * ecdh-nistp521-kyber1024-sha512@ssh.com * curve25519-frodokem1344-sha512@ssh.com * sntrup761x25519-sha512@openssh.com Tectia Client prefers the PQC hybrid KEX algorithms over classical KEX algorithms in the above order by default. (TECT-571) - Added support for IBM AIX 7.3 (TECT-557) - sftpg3 command-line client: also sha256 and sha512 can now be used with digest command with servers that support the hashes. New Features in 6.5.2 --------------------- - There are no new features introduced in this release. New Features in 6.5.1 --------------------- (TECT-194) - Windows: Japanese localization for Tectia Client. Feature can be enabled with a separate license. (TECT-95) - Windows: Japanese character set Shift-JIS supported on Tectia Client File Transfer GUI and Terminal GUI. (TECT-94) - Windows: Tectia Client File Transfer GUI and Terminal GUI support UTF-8. (TECT-462) - Windows 11, Windows Server 2022, SUSE Linux Desktop 15 and SUSE Linux Enterprise Server 15 (x86-64) added as supported installation platforms. (TECT-313) - Added support for x509-certificate-chain for user and host certificates and standardized X.509v3 signature algorithms defined in RFC6187. Following signature-algorithms and hostkey-algorithm are supported: * x509v3-rsa2048-sha256 * x509v3-ecdsa-sha2-nistp256 * x509v3-ecdsa-sha2-nistp384 * x509v3-ecdsa-sha2-nistp521 * x509v3-ssh-dss (DSA/SHA1 not enabled by default on server-side) * x509v3-ssh-rsa (RSA/SHA1 not enabled by default on server-side) (TECT-147) - Added support for OpenSSH user and host certificates. Following signature-algorithms and hostkey-algorithm are supported: * ecdsa-sha2-nistp256-cert-v01@openssh.com * ecdsa-sha2-nistp384-cert-v01@openssh.com * ecdsa-sha2-nistp521-cert-v01@openssh.com * ssh-ed25519-cert-v01@openssh.com * rsa-sha2-256-cert-v01@openssh.com * rsa-sha2-512-cert-v01@openssh.com * ssh-rsa-cert-v01@openssh.com (RSA/SHA1 not enabled by default) * ssh-dss-cert-v01@openssh.com (DSA/SHA1 not enabled by default) (TECT-492) - Added curve25519-sha256@libssh.org to client and server key exchange defaults for better interoperability with 3rd party implementations that do not support standardized curve25519-sha256. (TECT-365) - Windows: OpenSSH-style system-wide C:\ProgramData\SSH\ssh_known_hosts is now checked after C:\ProgramData\SSH\HostKeys\ folder for existing saved public hostkeys. (TECT-349) - External program command-line now supports '%U' (username) and '%H' (hostname) substitutions. The custom program is expected to return with exit value 0 for success within 70 seconds. Example external-program commands with username and hostname substitution: sshg3 --password="extprog://getpass.sh %U" sshg3 --password="extprog://%U/pass.sh" sshg3 --password="extprog://%U_%H.sh" (TECT-228) - Tectia Client Configuration GUI now stores saved password in base64 encoded format using string-base64 attribute for non-interactive connections. Also passwords with special character " can be used. Public-key authentication or external password program is recommended instead of saved passwords. (TECT-290) - ssh-keygen-g3 --append=no option now correctly truncates saved public hostkey file so that shorter keys can be used to replace longer keys, for example an ECDSA key to replace a RSA key. Now subsequent alternate identities can be appended correctly. (TECT-160) - Windows: Tectia Client File Transfer GUI has now 'Filter bar' toolbar for local and remote file list to filter folders and files using a glob pattern, e.g. '*.txt' in current folder. (TECT-219) - RFC8308 server-sig-algs extension is now supported also on client-side. User public-key authentication is less likely to fail for example against OpenSSH server due to too many failed attempts when only signature algorithms that the server supports are attempted. 4. Bug Fixes -------------- The following fixes have been implemented in Tectia Client: Bug Fixes in 6.6.0 ------------------ (TECT-544) - Tectia Client Configuration GUI now correctly disables "use proxy rule" for profiles when the option is toggled. (TECT-559) - Tectia Client Configuration GUI can be used again to add multiple local tunnel configurations. (TECT-564) - Fixed an issue with OCSP certificate validation that may have resulted in Certificate_validation_failure with error time-interval-was-invalid even if valid CRL was available when check against OCSP responder failed. Bug Fixes in 6.5.2 ------------------ - There are no Tectia Client bug fixes introduced in this release. Bug Fixes in 6.5.1 ------------------ (TECT-308) - sshg3 -f, --fork-into-background option no longer prevents executing the remote command. (TECT-190) - Current terminal size is now requested also in the initial window size request that previously used always Terminal height: 24 rows. This improves interoperabilit with 3rd party servers like Cisco routers that do not implement window-change message defined in RFC4254. (TECT-201) - sftpg3 and scpg3 no longer send file size in attributes during file open as some 3rd party server implementations incorrectly rely on it as final size resulting in 0 byte file. (TECT-136) - Race condition in buffer, data structure and program memory release are fixed in sftpg3. (TECT-142) - Fixed a race condition that sometimes could lead to a crash of scpg3 client when new hostkey was not saved by user or declined by-design in batch mode. (TECT-176) - Fixed a race condition that sometimes could lead to a crash of ssh-broker-g3 when connection was attempted. (TECT-306) - Windows: Tectia Client GUI command-line options now overwrite the values in connection profile. 'ssh-client-g3 [-h host] [-u user] [-p port] [profile]' (TECT-336) - When user key renewal is disabled, the client no longer reports "Client key rotation failed: Key id N not found." upon successful publickey authentication when -K --identity-key-file or --identity option is used. Note that user key renewal should not be enabled if explicit key is defined in scripts as next login will fail after user key has been renewed. (TECT-464) - Client now uploads the new key correctly to found location(s) during user key renewal. Previously, if Tectia Server was configured to use exclusively openssh-authorized-keys-file="%D/.ssh/authorized_keys" or authorization-file="%D/.ssh2/authorization", the new key was uploaded to %D/.ssh2/authorized_keys directory only. Note that the client is able to check if the old key is found from the default locations. (TECT-311) - Windows: When a non-responsive SOCKS proxy is used for a connection, non-matching TCP connect attempts no longer block until proxied connection times out after 60 seconds. (TECT-210) - SHA2 signature algoritm can be now used with RSA keys with OpenSSH agent forwarding that implements agent forwarding protocol version 1. (TECT-246) - Passphrase protected key that is locked can now be used through agent forwarding if broker GUI is able to prompt the user for passphrase. (TECT-127) - OpenSSL generated passphrase protected PKCS#8 key no longer fails to be decoded. 5. Known Issues ----------------- The following issues are currently known to exist in Tectia Client: (FB #38886) - All Platforms: scpg3 and sftpg3 with --append overwrite the destination file when the server is OpenSSH 6.4 or older. (FB# 39847) - AIX: Host-based authentication in FIPS mode requires copying or linking the libcrypto.a to /lib or /usr/lib. (FB #36224, FB #36221) - Windows: Connections Configuration GUI: Dots do not work correctly in profile names or profile folder names, because they are used internally for the profile folder feature. (FB #36222) - Windows: Connections Configuration GUI: Empty connection profile folders are not saved in the Broker configuration. (FB #36835) - All platforms: Remote translation tables only work when the site command X=BIN is used. Local translation tables work as intended. (FB #19541) - Unix/Linux: When logged to the SSH Tectia Server, an executable will fail to start if any parent of the current working directory is not readable and relative paths are used to refer to the executable. (FB #13818) - All Platforms: The usage of IPv6 addresses in certificates is not yet supported. (FB #3882) - z/OS: SFTP fails when attempting to transfer an empty MVS dataset. However, FTP opens the file and proclaims that the transfer is completed without generating an error. (FB #10425) - Unix: if OpenSSL 0.9.8 is installed on the host where Tectia Server is installed, it may fail when using PAM with software that uses that OpenSSL library. Workaround if FIPS is not used: Rename the libcrypto.so.0.9.8 existent under /opt/tectia/sshlib to another name (note that this will make FIPS mode unusable). (FB #9840) - Solaris: On some Solaris configurations the ssh-capture tool does not function without configuring the operating system. The runtime linking environment must be adjusted to honor the LD_PRELOAD environment variable. See the manual page of crle(1) for details. (FB #9367) - Windows: If the installation fails with error message "An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0- D845BAB35C93D}. HRESULT: 0x80070BC9" use Windows Update to install required operating system updates. (FB #9106) - AIX: Executables are now compiled in 64 bit. For PAM to work, the operating system should point to the 64-bit versions of PAM libraries instead of the 32-bit versions. (FB #9530) - All platforms: Extra checks are done when starting the Tectia Server and Connection Broker in the FIPS mode due to the OpenSSL FIPS cryptographic library health check. This will lead to a noticeable delay in the start of the process on slow machines. (FB #7726) - Windows: --summary-format newline option '\n' does not work on Windows. (FB #4725) - All platforms: The ssh-keygen will always use the default location of the UserConfigDirectory, if no path is specified. (FB #4705) - Linux SE: If the common package is installed with SElinux disabled, the following warning message will be given during the installation: /usr/bin/chcon: can't apply partial context to unlabeled file /opt/tectia/lib/shlib/libicudata.so.40 /usr/bin/chcon: can't apply partial context to unlabeled file /opt/tectia/lib/shlib/libicuuc.so.40 This can be safely ignored. However, if the SElinux enforcing is enabled after the installation, the following command needs to be executed: /usr/bin/chcon -t textrel_shlib_t /opt/tectia/lib/shlib/*.so (RQ #18958) - Windows: Password cannot be specified in a file with --password command-line option. (RQ #18674) - Windows: Uploading files from "Upload Dialog" of the GUI file transfer tool does not work when "Hide extensions for known file types" of Windows Explorer is set to 'yes'. Workaround: Enable file extensions. This issue will be fixed in an upcoming maintenance release. (RQ #17537) - Windows: If the "Transparent tunneling" component of Tectia Client or Tectia ConnectSecure is installed on a Windows XP computer in a domain where firewall exceptions are managed by a group policy, the exceptions get changed so that the computer becomes inaccessible from the network. Workaround: Edit the exceptions manually so that, for example, the server port becomes accessible. (RQ #17535) - Windows: SFTP GUI might cause the existing local copy of a file to be partially overwritten in ASCII mode, when downloading of the file from the remote server fails due to missing file permissions. (RQ #17528) - All platforms: The scpg3 command shows the transfer time incorrectly if "--statistics=simple" is set. (RQ #17482) - All platforms: When trying to connect to a server that is not available (i.e. the server is not running), the error message returned by sshg3 is "Unable to connect to Broker". It should return "Unable to connect to Server". (RQ #17368) - Windows: Reconnecting to the previously used Connection Profile by pressing Enter in the Tectia Terminal or File Transfer GUI may fail in some cases. Workaround: Select the profile from the menu. (RQ #17343) - Windows: Removing a token while it is being read could in some cases result in a Tectia Connection Broker failure. (RQ #17215) - Windows: Opening multiple remote tunnels in a profile against OpenSSH servers can cause Tectia Connection Broker to fail. (RQ #17055) - Solaris: Installation packages do not detect the underlying Solaris architecture to prevent installation of the x86-64 packages on x86 architecture. The packages can be installed but they will not work. (RQ #16986) - Windows: SFTP 'chmod' command is not supported against Tectia Server running on Windows. (RQ #16902) - Unix: If scpg3 is used to copy a file to itself, the file will be truncated and the scpg3 command hangs. (RQ #16573) - Unix: The 'finger' command does not show the idle time correctly when logged in using SFTP. (RQ #16276) - Windows: When running sftpg3 in batch mode, the Connection Broker may log the Broker_channel_process_exit_failed messages with status "Operation failed". These are system internal events and do not indicate any failure in the file transfer operation. (RQ #16270) - Windows: The exit values for scpg3 do not match the values mentioned in the documentation in the following error situations: connection lost, interrupting a file transfer using CTRL+C, trying to copy to a directory, but the destination is not a directory. Nevertheless, in all these cases the return value is non-zero. (RQ #15996) - All platforms: scpg3 does not warn about the existence of directories when shell globbing is used, for example: scpg3 "/tmp/testdir/*" user@server:/tmp However, the correct warning is displayed if the scpg3 command is used without globbing: scpg3 /tmp/testdir/* user@server:/tmp (RQ #15973) - All platforms: The certificate validation path construction from LDAP fails, if the LDAP server requires suffix ';binary' for the PKI binary blob attribute names. (RQ #15948) - Windows: If the Connection Broker is started for another userID using the 'runas' command, the user dialogs are shown for the user who started the process. (RQ #15921) - All platforms: The server creates empty files if a user tries to transfer files without correct server-side permissions. The correct error message is displayed. (RQ #15846) - Windows: Local TCP tunneling using listener port 0 does not work. (RQ #15006) - Windows: When accessing a Unix host using scpg3 or sftpg3, files with file names that contain characters that are illegal in Windows file names (for example: *, ? and ~) cannot be transferred or accessed if relative paths are used. Workaround: Use absolute paths for accessing the files on the Unix host and escape the illegal characters with the tilde character '~'. Note also that the files with illegal characters need to be renamed when transferred to Windows. For example, to copy a file "file*name.txt" from user's Unix home directory to Windows: C:\> scpg3.exe user@server:/home/user/file~*name.txt filename.txt (RQ #14227) - Windows: If trying to connect from a Windows GUI client to an OpenSSH server with a public key and option command="ls", the client hangs. When performed with the Windows command-line client (sshg3) it works properly. (RQ #14226) - Windows: When using regular expressions in filter rules the dot character '.' does not work as expected. For example, when using a filter rule for tunneling of telnet.exe using regular expression: '.*.ssh.com' the connection will not be tunneled even if the regular expression matched the host address. Workaround: Add a '\' in front of the '.' For example, the previous regular expression should be: '.*\.ssh\.com' (RQ #14222) - All platforms: If a wrong passphrase is provided several times for a key, the Connection Broker skips it and proceeds to the next key. If it is an OpenSSH key, once it has been skipped because of a decoding failure, the Connection Broker makes no further attempts to use the key on subsequent login attempts. The Connection Broker must be reloaded or restarted in order to use that OpenSSH key for authentication. (RQ #14109) - Windows: Secure file transfer speed may be slower against Tectia Server on Windows than against Tectia Server on Linux. (RQ #13377) - Windows: If multiple concurrent terminal services sessions are opened for the same user, the services sessions share the same Connection Broker session. This can cause the user banner and dialog boxes to be displayed to the wrong session. Opening several concurrent terminal services sessions for the same user does not provide secure separation of sessions. (RQ #11836) - All platforms: After changing the password on a Secure Shell server, but before logging in with the new password, either the Connection Broker must be restarted to close the previous connection, or the user must wait for the connection to time out (by default 5 seconds). If this is not done, login with the new password will not succeed. 6. Further Information ------------------------ More information can be found on the Tectia man pages and manuals. Tectia manuals are also available from https://www.ssh.com/manuals/ Additional licenses can be purchased by contacting sales at https://www.ssh.com/.