We are excited to announce the release of wolfSSH version 1.4.17, which comes packed with several improvements, new features, and important fixes to enhance security and functionality. This release is a testament to our commitment to providing a robust and reliable SSH library for developers.
Vulnerability Fixes
In this version, we have addressed a critical vulnerability that could potentially allow a maliciously crafted SSH client to bypass user authentication within the wolfSSH server code. This fix ensures that messages are properly filtered during different operational states, significantly improving the overall security posture of wolfSSH.
For more details on the vulnerabilities fixed, we encourage you to visit our vulnerability page for a comprehensive overview.
New Features
- More Configuration Options for Key Exchange (KEX)We have introduced new functions that allow users to set algorithms lists for Key Exchange (KEX) at runtime. Additionally, users now have the ability to inspect which algorithms are set or available for use, providing greater flexibility and customization.
- Curve25519 KEX SupportOne of the notable additions in this release is the inclusion of Curve25519 Key Exchange (KEX) support for both server and client key agreement. This cryptographic enhancement further strengthens the security of the SSH connections established using wolfSSH.
- Soft Disabling of SHA-1With version 1.4.15, we had disabled SHA-1 in the build by default due to its known vulnerabilities. However, in response to user feedback and to accommodate specific use cases, we have re-enabled SHA-1 in the build with a “soft” disabled status. This means that algorithms utilizing SHA-1 can now be configured for Key Exchange (KEX), providing users with more options while maintaining a cautious approach to security.
Enhancements
In addition to the new features, wolfSSH 1.4.17 also brings a round of enhancements aimed at improving various aspects of the library:
- Better Testing: We have enhanced our testing procedures to ensure more robust and reliable performance across different scenarios.
- Improved Portability: The library now offers improved portability, making it easier to integrate wolfSSH into a wide range of platforms and environments.
- Terminal Enhancements: We have addressed issues related to shell terminal window resizing, creating a smoother and more user-friendly experience for terminal-based applications.
- SFTP Improvements: Several corner cases with the SFTP functionality have been fixed, enhancing the overall stability and reliability of SFTP operations.
- RSA Signature Verification: Fixes have been implemented to ensure accurate and secure verification of RSA signatures.
- Zephyr Compatibility: For users working with the Zephyr operating system, file mode bits are now properly masked, improving compatibility and functionality.
- Memory Leak Fix: A fix has been applied to address a potential memory leak issue related to setting up a pseudoterminal, ensuring efficient memory management within the library.
Conclusion
Upgrade to wolfSSH 1.4.17 for enhanced security with a fix for a critical authentication bypass vulnerability. Benefit from new features like Curve25519 KEX support and algorithm list configuration. This release also brings improved testing, portability, terminal enhancements, and fixes for SFTP and RSA signature issues. For details, check our GitHub ChangeLog. Thank you for choosing wolfSSH for secure and reliable SSH solutions.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 9247.
Download wolfSSL Now