Beta 1 is available for tests

 
Post new topic   Reply to topic    Aprelium Forum Index -> 2.14 Beta
View previous topic :: View next topic  
Author Message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1127

PostPosted: Mon May 04, 2020 2:12 pm    Post subject: Beta 1 is available for tests Reply with quote

Dear all,

We're glad to announce the release of the first Beta of the upcoming Abyss Web Server version 2.14.

The major new feature of this version is TLS 1.3 support. The detailed list of changes and new features is listed below.

DISCLAIMER:

This Beta release is not suitable for production environments. Use it only for test purposes. Do not distribute it. This is not the final product and it may be unstable or contain bugs.

GETTING THE NEW BETA:

Please do not use this test release if you are not familiar with Abyss Web Server.

Installation and upgrading instructions are exactly the same as those already in http://www.aprelium.com/abyssws/download.php .

NOTE TO X2 USERS:

Beta 1 is available upon request for X2 customers. Please contact our priority technical support to enable Beta access for your user account.

IMPORTANT NOTES:

When upgrading from a previous version, we recommend that you first make a backup copy of your old abyss.conf file.

The documentation shipping with the Beta is updated and documents the new additions.

This Beta release's internal version is 2.12.5. This is not a mistake. The final stable version will be numbered 2.14

CHANGES AND NEW FEATURES:

  • SSL/TLS

    • Added support for TLS 1.3
    • Added support ciphers based on Elliptic-curve Diffie-Hellman (ECDH) and Diffie-Hellman key Exchange (DHE)
    • Exposed a parameter in custom SSL/TLS profiles declarations to honor server ciphers list order
    • Updated predefined SSL/TLS profiles to account for modern browsers and TLS 1.3 introduction
    • Removed support for the deprecated and insecure SSL3 protocol

  • ACME

    • Added HTTP proxy configuration to ACME Bot
    • Added support for POST-as-GET in ACME
    • Added support for skipping hostname * from ACME certificate generation

  • Server Core

    • Updated HTTP OPTIONS verb handling to fully respect the HTTP/1.1 specification
    • Improved HTTP headers request and response processing to respect all the edge cases of the HTTP/1.1 specification (empty HTTP headers, folding of multiple-valued headers, special handing of Set-Cookie and Set-Cookie2 headers)
    • Fixed a bug occurring with X-Sendfile when both chunked encoding and compression are active
    • Updated IP address string conversion to generate easier-to-read IPv4 addresses instead of IPv4-over-IPv6 style ones

  • SSI

    • Updated SSI processing of expressions to add support for the == comparison operator
    • Fixed SSI parsing of attribute values enclosed between quotes or backticks
    • Added proper regular expression parsing in SSI

  • Windows specific changes

    • Improved Windows installer
    • Updated the Windows installer to restrict access permissions to the installation directory and to the kcstore subdirectory

  • macOS specific changes

    • Added notarization to conform to the stricter security rules of macOS Catalina 10.15
    • Modernized the DMG package for macOS (added a graphical background with installation instruction)
    • Deprecated old method to run privileged operations on macOS and replaced it by a proper helper tool
    • Updated the Help book to be conformant to the modern macOS help specifications

  • Operating systems compatibility

    • Changed minimum operating system requirement to Windows XP, Mac OS X 10.9 and any Linux with GLIBC 2.4
    • Updated integrated documentation to adapt to dark mode on macOS and Windows 10
    • Cleaned the source code base from artifacts related to legacy operating systems.

YOUR FEEDBACK IS IMPORTANT TO US:

We're eagerly waiting for any feedback from you. Please let us know how the new features worked for you.

If you're using macOS, please feel free to let us know what you think about the specific changes affecting that edition.

Please send us your bug reports and feedback to support@aprelium.com .

WE ARE HERE TO HELP:

If you experience any issue during the updating process or have any feedback, please feel free to contact priority@aprelium.com.

THANK YOU!

Thank you for supporting Abyss Web Server.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com


Last edited by admin on Fri May 22, 2020 5:07 pm; edited 1 time in total
Back to top View user's profile Send private message
tfh
-


Joined: 03 May 2020
Posts: 39
Location: Netherlands

PostPosted: Mon May 04, 2020 3:24 pm    Post subject: Reply with quote

Downloaded. I will install it this week and let you know if I run in to issues.
_________________
https://www.arnauddeklerk.com
https://www.file-hunter.com
Back to top View user's profile Send private message Visit poster's website
Paulie
-


Joined: 20 Feb 2016
Posts: 8

PostPosted: Mon May 04, 2020 10:09 pm    Post subject: Reply with quote

Is this new version of Abyss fully TLS compliant?

Does it now send a "close_notify" before closing a connection?
If it does not send "close_notify" it can be vulnerable to an attack.

Latest version of libcurl will terminate with Error when connecting to Abyess because current versions of Abyss are not sending a "close_notify" when a connection is finished.
This is in the schannel.c file:
Quote:
/* Error if the connection has closed without a close_notify.
Behavior here is a matter of debate. We don't want to be vulnerable to a
truncation attack however there's some browser precedent for ignoring the
close_notify for compatibility reasons.
*/
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1127

PostPosted: Tue May 05, 2020 10:37 am    Post subject: Reply with quote

Paulie,

Thank you for spotting that issue.

We'll be reviewing the connection shutdown process and will let you know about our findings.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
tfh
-


Joined: 03 May 2020
Posts: 39
Location: Netherlands

PostPosted: Sat May 09, 2020 12:17 pm    Post subject: Reply with quote

I've been running the beta on https://download.file-hunter.com
Did some TLS1.3 tests which went fine. Haven't tried any of the other features though. Haven't run into any problems yet.
_________________
https://www.arnauddeklerk.com
https://www.file-hunter.com
Back to top View user's profile Send private message Visit poster's website
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3740
Location: USA, GA

PostPosted: Sun May 10, 2020 8:17 am    Post subject: Reply with quote

Giving this a go right now. Yep, still active, just busy as ever with work and stuff. :)
_________________
Computer Programmer & Networking Specialist
Back to top View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1127

PostPosted: Wed May 13, 2020 4:46 pm    Post subject: Reply with quote

Dear all,

Many thanks for your feedback about the new version.

All reports we got so far are very encouraging. There are still some fixes to apply here and there before moving to Beta 2 which we expect to release during the next week.

Please keep sending us your remarks and suggestions... Thanks for your support.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1127

PostPosted: Fri May 22, 2020 5:13 pm    Post subject: Reply with quote

Paulie,

Please check the second Beta we have just released. Please let us know if it fixed the issue you have reported.

https://aprelium.com/forum/viewtopic.php?t=548771
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Paulie
-


Joined: 20 Feb 2016
Posts: 8

PostPosted: Fri May 22, 2020 9:21 pm    Post subject: Reply with quote

admin wrote:
Please check the second Beta we have just released. Please let us know if it fixed the issue you have reported.


Just tested with v2.12.5 Beta 2 and it looks like you have fixed the problem !!
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1127

PostPosted: Fri May 22, 2020 9:27 pm    Post subject: Reply with quote

Paulie wrote:
admin wrote:
Please check the second Beta we have just released. Please let us know if it fixed the issue you have reported.


Just tested with v2.12.5 Beta 2 and it looks like you have fixed the problem !!


Great! Thank you again for pointing us to the right direction with this issue.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> 2.14 Beta All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group