mendelson OFTP2 2025 released
What is new
- The OFTP2 extensions according to the OFTP2 Implementation Guideline v3.1 have been implemented. This includes primarily the following points: TLSv1.3 support, new Cipher Suite 07 AES_256_CBC RSA_PKCS1_15 SHA3-512
- For incoming requests for data transfer, the following rejection messages have been added: SFNAREAS='15' (Cipher suite not supported), SFNAREAS='18' (Compression not allowed)
- Client/Server: Both client and server now also support the languages Spanish, Italian, French, and Portuguese. The language can either be set manually (command line parameter, client settings) or automatically detected by the system if this language is selected in your OS.
- Client: Most checkboxes have been replaced by toggle switches
- Client: New font sizes have been introduced for buttons, tabs, and logs
- Client: A High Contrast Mode is now available, which can be enabled in the client settings
- Client: The connection graph in the partner management section has been extended with the options "Do not connect" and "Query"
- Configuration Check: The following checks have been added: Number of file handles, sufficient memory availability
- Certificate Manager: The entire certificate chain of a certificate can now be exported as PEM in one step
- Certificate Manager: When exporting/importing a private key (pkcs#12), the entire certificate chain can now optionally be exported/imported as well
- Certificate Manager: Private keys can now also be exported as PEM
- Certificate Manager: A check for the Certificate Revocation List (CRL) is now possible
- REST API: Status 401 is now returned when client-server authentication fails
- REST API: Access to certificates is now possible
- REST API: It is now possible to perform a connection test
Solved problems
- REST API: Under high load, database connections remained open
- The expiration time of a transaction was calculated from the creation date - it should have been calculated from the sending date
- Certificate Manager: A CSR could not be generated for EC keys
- Certificate Manager: Some keys were displayed as valid but marked in red
- Certificate Manager: Certificates could not be deleted even though they were set but not in use
- Certificate Manager: The copy function between certificate managers copied keys but not certificates
- XML API: The performance of the XML API has been improved
- XML API: Escape options for alias values were missing
- Post-processing: All calls for post-processing that involved a system command did not wait for the return code
- Postgres: Postgres does not create an automatic index for secondary keys - these are now manually created in the case of the Postgres plugin
- No SFNA was thrown for incoming data transfer requests if the incoming SFID identifier already existed as "VFN VFD VFT"
- Encryption/Signature certificates were not updated for incoming connections. As a result, there were occasional issues where incoming connections were based on the previous certificate management state after certificate changes
Updated/new software packages
- Update to Bouncycastle v179 (Crypto API)
- Update to Lucene 9.11.0 (Indexing of system events)
- Update to MINA 2.2.4 (Client-Server interface)
- Update to HSQLDB 2.74 (Integrated database server)
- Update to Batik 1.18 (SVG icons)
- Update to Hikari 6.2.1 (Database pool)
- REST API: Update to Jetty 10.0.24 (HTTP server)