mendelson AS2 server 2024
What is new
- The TLS security provider in use is now shown in the overview of the supported TLS protocols (Client: File-Display HTTP server configuration)
- In the mail notification settings you now have the option to detect your mail server settings automatically by entering your notification receiver mail address
- Added support for the client credentials authorization (RFC 6749 4.4) in the OAuth2 plugin
- The original filename verification has been enhanced
- Reworked the import/export functions of the certificate manager
- Added support for Ed25519 key generation in the certificate manager
- The client-server communication has been reduced by adding an additional compression layer
- Moved the XML API plugin to the plugin directory
- Added the default values of the server settings to the interactive UI help - this allows users to restore the default values after changing them
- The server preferences are now cached in the server processing, which significantly reduces the number of database accesses
- Certificate manager: Display the sign algorithm and the name of the EC curve in the overview
- Key generation: Added support for SHA-2 512, SHA-2 512 PSSRSA, SHA-3 512 and SHA-3 512 PSSRSA signed keys
- Added a description of how to set up a TLS proxy for inbound TLS connections to the documentation
- Added the possibility to generate a subject key identifier (ski) extension in the key generator of the certificate manager
- Added a dedicated notification for client-server connection problems - formerly these were just reported as system errors, which is not really the case
- The formerly file-based key/certificate management has been moved to the database. This results in less file I/O and more stable operations in cluster mode. Read-only and access problems with keystore files are no longer an issue during operations.
- Added the possibility to export a full keystore file from the certificate manager
- Added the possibility to import a full keystore file to the system at server start
- Removed several filesystem-based configuration checks regarding keystore files
- Removed several keystore-file-related server settings and configuration interfaces
- It's now possible to overwrite the certificate-related security settings of the local station in use per partner - XML API: There are changes in the partner-related XML structure, please refer to the included schemas for changes
- Modified the data migration assistant: Added the possibility to migrate the server settings and the key/certificate information from the internal database to external databases
- Added a more detailed error message if the postprocessing step "move file" fails
Resolved problems
- Fixed the error "Comparison method violates its general contract" that occurred very rarely in the certificate processing
- Fixed a serialization security issue in the HTTP client package, thanks to MOGWAI LABS for reporting the problem
- In the TLS certificate manager it was not possible to delete all expired certificates at once
- Changes made to the keystore via the XML API were not saved
- Certificate Manager: It was not possible to export private keys into an external PKCS#12 keystore if their algorithm was EC or EdDSA
- Fixed problems with the basic authentication for outbound connections
Updated software dependency packages
- Update to Bouncycastle v176 (crypto API)
- Update to jetty 10.0.18 (embedded HTTP server)
- Update to Lucene 9.8.0 (indexing of system events)
- Update to MINA 2.2.3 (client-server interface)
- Update to HSQLDB 2.72