Release Notes
Product Description
CipherTrust Application Data Protection for .NET Core provides APIs for performing cryptographic and key management operations using CipherTrust Manager.
Release Description
This release includes bug fix.
Advisory Notes
It is recommended not to use the
Hostproperty; as this property will be deprecated in future release.Use the new log levels named NONE, ERROR, WARN (default), INFO, and DEBUG. If old log levels are used, they will be automatically set to WARN state.
Permissions
To run the CADP for .NET Core, it is important that users have the necessary read and write permissions for log files.
If users do not have appropriate permissions, the CADP for .NET Core will return an error.
.NET Standard
CADP for .NET Core version 8.14.1 is supported on .NET Standard 2.1.
Multi-threaded Application with Large Number of Threads and Sessions
When spawning a high number of threads with each thread opening a new session, and all threads getting spawned with a delay in milliseconds, the code takes few seconds to process SSL client certificates. On the other hand if the threads can share the session the delay in SSL Client Certificate processing can be avoided.
Features and Enhancements
Handled the Microsoft Security Advisory CVE-2024-30105.
Improvised the security for persistent cache.
(Key(s) present in the persistent cache file will be deleted. Persistent cache file will be updated with the same keys fetched from the CipherTrust Manager while performing crypto operations.)
Deprecated Support
The
Hostproperty is no longer required and will be deprecated in future release.The old log levels (LOW, MEDIUM, HIGH) are deprecated.
ProtectApp .NETCore 8.9 and earlier versions are now end of development.
Resolved and Known Issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Resolved Issues
This section lists the issues fixed in this release.
| Issue | Severity | SynopsisSynopsis |
|---|---|---|
| CADP-21498 | H | Problem: CADP for .NET Core application crashes if the Syslog server IP is configured and the Syslog properties (such as Syslog_Framing_Type, Syslog_Format) are either set to blank or invalid values are specified. |
Known Issues
This section lists the issues known to exist in the product at the time of release.
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-17523 | C | Problem: FF3-1/Card10 remote mode, the crypto operations don't work outside cardinality data provided in the input. Workaround: Use FF3-1/Card10 in local mode. |
| PAN-3064 | L | Problem: The HMAC ComputeHash API throws an error when data is more than 4096 bytes in remote mode. Workaround: Use the GenerateMac API. |
| CADP-11503 | M | Problem: The Special characters '&' and '<' are not supported in the Passphrase property.Workaround: Encrypt the Passphrase using PassphraseUtility and set the Passphrase Encrypted property to yes. |
| CADP-14766 | M | Problem: Decryption of remote encrypted bytes fails on local mode for AES/GCM versioned keys. |
| CADP-15995 | M | Problem: Special Character '&', '<' , and '>' are not supported in AAD data in AES/GCM. |
| CADP-24383 | H | Problem: In case of Versioned key, while using the AES/GCM algorithm, the auth tag generated for local mode and remote mode are different. Data encrypted through local mode can be decrypted through local mode only. Workaround: To resolve this issue, data encrypted through any other connector can be decrypted through CADP for .NET Core remote mode only. |
| CADP-3914 | M | Problem: User Group Permission - Remote Mode should not check the group permissions. |
| CADP-26826 | H | Problem: CADP for .NET Core will not switch over to the next CipherTrust Manager when the CipherTrust Manager for the session in ConnectionPool is unreachable for Crypto Operations. |
| CADP-27163 | H | Problem: The CADP for .NET Core SDK does not support tiers with duplicate NAE_IP addresses, the process fails with an exception 'An item with the same key has already been added'. |
| CADP-27094 | H | Problem: CADP for .NET Core High Availability does not support automatic failover if the primary server is unreachable. |
Compatibility Information
Supported Target Frameworks
.NET 6.0
.NET 8.0
Supported Platforms
CADP for .NET Core is tested on the following platforms:
Windows Server 2019 Datacenter
Red Hat Enterprise Linux 8.0 (Ootpa)
macOS 13.3
Ubuntu 20.04
Key Manager
CipherTrust Manager 2.2 and higher versions.
Deliverables
This release includes the following components:
NuGet Package (CipherTrust.CADP.NETCore)
Product documentation is available on Thalesdocs
CADP for .NET Core samples are available on GitHub
We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.
Limitations
For SSL connection, if multiple NAE servers are specified in the properties file, the Common Name/SAN must be same for all the server certificates. The
Hostproperty in the properties file only supports single value.For Persistent Cache to work properly, the total number of key versions on the CipherTrust Manager should be less than 10.
