Release Notes for SSH Tectia Connector 5.3.7 -------------------------------------------- 02 January 2008 (C) 2007 SSH Communications Security Corp. This software is protected by international copyright laws. All Rights Reserved. Table of Contents 1. About This Release 2. New Features 3. Bug Fixes and Minor Features 4. Known Issues 5. Further Information 1. About This Release --------------------- The SSH Tectia Client/Server solution 5.3 is an end-to-end communications security solution for multi-platform environments. It is based on the Secure Shell technology from the original developers. The SSH Tectia Client/Server solution consists of four base products: * SSH Tectia Server * SSH Tectia Server for IBM z/OS * SSH Tectia Client * SSH Tectia Connector The base products are expandable with the following add-on products: * EFT Expansion Pack for SSH Tectia Server * EFT Expansion Pack for SSH Tectia Client * Tunneling Expansion Pack for SSH Tectia Server SSH Tectia Client 5.3 with EFT Expansion Pack provides a secure file transfer client to be used in conjunction with SSH Tectia Server with EFT Expansion Pack to enable enhanced, high-performance file transfers in heterogeneous enterprise environments. We recommend uninstalling any SSH Secure Shell and SSH Tectia 4.x products, before installing SSH Tectia Client 5.3. 2. New Features --------------- In 5.3.3: --------- - All platforms: Connector includes now ssh-scepclient-g3, a command for enrolling certificates using the SCEP protocol. In 5.3.2: --------- - New platform support: Microsoft Windows Server 2003. - It is no longer necessary to create a separate connection profile for each destination host used in the Connector filter rules. A profile which has the special value %DESTINATION_HOSTNAME% for the hostname causes the Connector to pick up the destination IP address from the tunneled application, and opens the tunnel to the same host. The username and port for the Tectia Server are still specified in the profile. In 5.3.0: --------- Microsoft Windows 2000 is no longer officially supported by SSH Tectia Connector. 3. Bug Fixes and Minor Features ------------------------------- In 5.3.3: --------- - Windows: The FTP-SFTP conversion tool can now recognize local networks without DNS. - Windows: The CA certificate view is now reformatted to accommodate certificates with lots of information. - Windows: The Connection Broker no longer fails when using PKCS#12 certificates in FIPS mode. In 5.3.2: --------- - Windows: Fixed a problem where Connector failed to tunnel some applications (e.g. telnet). In 5.3.1: --------- - Windows: The host key page in the configuration GUI now displays the hashed host keys better. - All platforms: Fixed an issue causing the client to crash if it started the SSH Tectia Connection Broker in the run-on-demand mode and the Broker exits for some reason (for example, on user request). - Windows: The Connection Broker configuration GUI now shows a warning, if a user configuration file does not exist yet and the default configuration is used instead. The MSCAPI, Entrust and PKCS#11 providers configured in the global configuration are now taken into account in the Connection Broker configuration GUI. - Windows: The Connection Broker configuration GUI no longer allows attempting to generate keys with " or ? in their file name, or with too long filename. (#11976) - Windows: If the key generation fails in the Connection Broker configuration GUI, the key is no longer added to the key list. In 5.3.0: --------- - Windows: The key generation now warns the user if a key with the same name already exists. 4. Known Issues --------------- The following issues are currently known to exist in SSH Tectia Connector: - Windows: SSH Tectia Connector and Client with EFT Expansion Pack installations remove the Windows firewall exceptions. After the installation, the firewall exceptions must be added back manually. - All platforms: The FTP-SFTP conversion does not show the SSH Tectia Server banner message. - Windows: The Connection Broker user dialogs are shown in a wrong session if multiple remote desktop sessions are established to Windows Terminal Server using the same userID. - Windows: The FTP-Proxy and Connector rules are not applied properly when filtering by port. Workaround: If you have rules that specify 'any' as a host, place them last in the rule list. - Windows: The dot character '.' makes some regular expressions to not to work. For example, when using a filter rule for tunneling of telnet.exe using regular expression: .*.ssh.com the connection will not be tunneled even if the regular expression matched the host address. Workaround: add a '\' in front of the '.' For example the previous regular expression should be: .*\.ssh\.com - Windows: When the user creates a filter rule for certain applications (e.g firefox.exe), and later decides to filter another application (e.g. telnet.exe ), both applications will use the same filters unless the first application is restarted. - Windows: The PKCS#12 certificates cannot currently be imported via the GUI. - The Connection Broker forgets the passphrase for decoded keys, after a new configuration is applied. - All platforms: After a password change on a Secure Shell server, but before logging in with the new password, the Connection Broker must be restarted to close the previous connection, or the user must wait for the connection timeout (by default 5 seconds). If this is not done, login with the new password will not succeed. - Windows/Unix: Crypticore cipher and/or MAC are available also in the FIPS mode. 5. Further Information ---------------------- More information can be found from the man pages and from the SSH Tectia manuals, which are also available at: http://www.ssh.com/support/. For additional licenses please contact local SSH Office or a Partner for Enterprise Sales: http://www.ssh.com/buy/contact/.