mendelson AS2 Server 2024 released

min read
A- A+
mendelson AS2

mendelson AS2 server 2024

What is new

  • The used TLS security provider will be shown up in the overview of the supported TLS protocols now (Client: File-Display HTTP server configuration)
  • In the mail notification settings you have now the option to find out automatically your mail server settings by entering your notification receiver mail address
  • Added support for the client credentials autorization (RFC 6749 4.4) in the OAuth2 plugin
  • The original filename verification has been enhanced
  • Reworked the import/export functions of the certificate manager
  • Added support for Ed25519 key generation in the certificate manager
  • The client-server communication has been reduced by adding an additional compression layer
  • Moved the XML API plugin to the plugin directory
  • Added the default values of the server settings to the interactive UI help - this allows the user to restore the default values once he has changed this
  • The server preferences are cached now in the server processing, this reduces the number of database accesses signficant
  • Certificate manager: Display the sign algorithm and the name of the EC curve in the overview
  • Key generation: Adding support for SHA-2 512, SHA2 512 PSSRSA, SHA3 512 und SHA-3 512 PSSRSA signed keys
  • Added the description howto setup a TLS proxy for inbound TLS connections to the documentation
  • Added the possibility to generate a subject key identifier (ski) extension in the key generator of the certificate manager
  • Added an own notification for client-server connection problems - formerly it was just reported as system error which is not really the case
  • The formerly file based key/certificate management has been moved to the database. This results in less file IO and more stable operations in cluster mode. R/O and access problems to keystore files are no longer an issue during operations.
  • Added the possibility to export a full keystore file from the certificate manager
  • Added the possibility to import a full keystore file to the system at server start
  • Removed several filesystem based configuration checks regarding keystore files
  • Removed several keystore file related server settings and configuration interfaces
  • It's now possible to overwrite the certificate related security settings of the used local station per partner - XML API: There are changes in the partner related xml structure, please refer to the included schemas for changes
  • Modified the data migration assistant: Added the possibility to migrate the server settings and the key/certificate information from the internal database to external databases
  • Added a more detailled error message if the postprocessing step "move file" failed

Resolved problems

  • Fixed the error "Comparison method violates its general contract" that occurs very seldom in the certificate processing
  • Fixed a serialization security issue in the http client package, thanks to MOGWAI LABS for reporting the problem
  • There was a problem in the TLS certificate manager that it was not possible to delete all expired certificates at once
  • Changes in the keystore via the XML API did not save the changes
  • Certificate Manager: It was not possible to export private keys into an external PKCS#12 keystore if their algorithm was EC or EdDSA
  • Fixed problems with the basic authentication for outbound connections

Updated software dependency packages

  • Update to Bouncycastle v176 (crypto API)
  • Update to jetty 10.0.18 (embedded HTTP server)
  • Update to Lucene 9.8.0 (indexing of system events)
  • Update to MINA 2.2.3 (client-server interface)
  • Update to HSQLDB 2.72