01/2015 mendelson opensource AS2 1.1 b47
*It's possible to clone an existing partner in the partner management now
*You can now create a communication data sheet (editable PDF) in the user interface. The PDF contains all settings of your selected local station and requests the settings of your partner's system. The PDF contains the required certificates as attachments. Just send it to your partner to ask for their communication parameters and deliver yours. Please remember that the standard Mac OS PDF reader does not support PDF attachments. Please install another PDF reader if you are using this OS.
*The partner panel now contains additional fields for the partner address and partner contact; these are written to the communication data sheet if one is created
*You can now manually resend more than a single transaction (this will create new transactions). Please select multiple transactions in the transaction overview. A right-click on the selection opens the related context menu.
*The private key generator found in the certificate manager now supports SHA256WITHRSA. This allows you to sign your certificates using SHA-2, as some providers are moving away from SHA-1. Please remember that there might be AS2 programs out there that cannot work with these certificates - please clarify this first before signing your certificates with SHA-2.
*Removed all RMI code (which was slow) - the communication between the receipt servlet and the AS2 processing unit is now based on Apache MINA. This results in higher message processing throughput, and port 1099 is no longer used by the AS2 server.
*The directory "_rawincoming" is now managed by the system maintenance process - it will delete old messages there. If you set up the system maintenance process (which is recommended) it will take care of the old files in this directory.
*The underlying HTTP server (jetty v6) has been replaced by jetty v9. The reason is that it is now possible to disable transport layer security protocols (e.g. SSLv3) and weak ciphers/hash algorithms. If you are updating from a mendelson AS2 with the underlying jetty v6, some manual changes are required - please refer to update_howto.txt, which is part of the package. SSLv3 and some weak ciphers are now disabled by default. Please edit the file jetty9/etc/jetty.xml to change these defaults or to add other weak ciphers which should no longer be supported by your AS2 instance. The new jetty instance will be found in the directory "jetty9" after an update/clean install. But as always: Please do not rely on transport security only, always encrypt and sign your data!
To disable ciphers please add them to the "ExcludeCipherSuites" section in jetty9/etc/jetty.xml:
To disable SSL protocols add them to the "excludeProtocols" section in jetty9/etc/jetty.xml:
*The Java VM's DNS caching has been set to 60s (Windows installer only). This is a setting done in the file jre/lib/security/java.security. Please set it manually if required and you are on a non-Windows system, add the line
In older versions this was set in the program code but it turned out that this was useless as these settings are read once on JVM start and setting them later in the program code has no effect at all.
*If a certificate had been exported to p7b format it contained the end certificate only - without the trust chain certificates
*There were problems importing a certificate that was not in PEM format but additionally BASE64 encoded. This is very uncommon - we encountered this only once.
*Importing certificates in p7b format now imports the full trust chain and the end certificate. In older versions just the end certificate was imported.
*If the sending partner was unknown the system always sent a sync MDN with the error message "unknown partner" - even if the sender requested an async MDN
*The certificates were not sorted properly by their date in the display of the certificate manager.
*The sent MDN was always signed - even if the partner requested an unsigned MDN
*A SQL injection was possible in the message delete procedure - that was also the reason that some transactions could not be deleted by the system.
*Update to BC 1.51 (crypto API, see https://www.bouncycastle.org/)
*Update HTTP components to 4.3.5 (see http://hc.apache.org/)
*Update servlet API to 3.1 (comes with the new jetty v9 webserver)
*Updated jetty to v9 (underlying HTTP server, see http://download.eclipse.org/jetty/)
*Update to Apache MINA 2.09 (client-server interface, see https://mina.apache.org/)
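
For the jetty9/etc/jetty.xml note above, the following is an added example (not part of the mendelson package or these release notes) that reports which required protocols and cipher suites a jetty.xml fails to exclude. It assumes the standard Jetty XML form of a "Set" element holding an "Array" of "Item" entries and treats cipher entries as regular expressions, as Jetty 9 does; the sample XML and the required lists are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample with deliberate gaps; not the jetty.xml shipped with the package.
SAMPLE_JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="ExcludeCipherSuites">
      <Array type="String">
        <Item>SSL_RSA_WITH_RC4_128_MD5</Item>
        <Item>.*_DES_.*</Item>
      </Array>
    </Set>
    <Set name="excludeProtocols">
      <Array type="String"><Item>SSLv2Hello</Item></Array>
    </Set>
  </New>
</Configure>"""

# Constructed policy: what this instance must refuse to negotiate.
REQUIRED_PROTOCOLS = ["SSLv3"]
REQUIRED_CIPHERS = ["SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_DES_CBC_SHA",
                    "SSL_RSA_WITH_RC4_128_SHA"]

def excluded(xml_text, setting):
    """Return the <Item> values under <Set name=setting> (name compared case-insensitively)."""
    items = []
    for node in ET.fromstring(xml_text).iter("Set"):
        if node.get("name", "").lower() == setting.lower():
            items += [i.text.strip() for i in node.iter("Item") if i.text]
    return items

def audit(xml_text, protocols, ciphers):
    """List every required protocol or cipher suite that the file does not exclude."""
    blocked = set(excluded(xml_text, "excludeProtocols"))  # protocols are exact names
    patterns = [re.compile(p) for p in excluded(xml_text, "ExcludeCipherSuites")]
    findings = ["protocol not excluded: " + p for p in protocols if p not in blocked]
    findings += ["cipher not excluded: " + c for c in ciphers
                 if not any(rx.fullmatch(c) for rx in patterns)]
    return findings

if __name__ == "__main__":
    # For a real check, read jetty9/etc/jetty.xml instead of the sample.
    for line in audit(SAMPLE_JETTY_XML, REQUIRED_PROTOCOLS, REQUIRED_CIPHERS):
        print(line)
```

An empty result means every entry in the required lists is covered by the file; it does not show what the running server actually negotiates, so a restart and a handshake test against the HTTPS port are still needed.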