FT-Family Firmware History (Including FT-Soft)


----------

FT-6632, FT-6606, V3.07 Release Notes 12/4/2020

1.0 INTRODUCTION

This release adds the following features:

The end-user may optionally disable date checking on certificates. Two configuration items were added to "Tunnel - Advanced". One called "Allow not yet valid certificates" and the other called "Allow expired certificates".

When the tunnel starts, it will log the validity period and the serial numbers for the installed CA certificate and the certificate for the local key to the tunnel log. This will aid in debugging certificate errors.

When a peer tunnel presents a certificate that is outside of its validity period, the local tunnel will clearly log the validity period for the peer certificate.

----------

FT-6632, FT-6606, V3.06 Release Notes 12/4/2020

1.0 INTRODUCTION

This release corrects several possible vulnerabilities in the web server. This includes addressing the SWEET32 vulnerability in TLS and disabling support for TLS v1.0. This means that the web server will only support TLS v1.1 and v1.2. As a result, users relying on Windows XP to configure the FT-6606 and FT-6633 systems may find that they can no longer connect to the web server.

Formerly, the bridge utilized TLS v1.0 for the transport protocol. This release adds support for TLS v1.2. The end-user may select the transport protocol during configuration. All FTs operating in an application must be configured for the same transport protocol. TLS v1.0 is now considered deprecated and should not be used for new applications.

When operating in TLS v1.2 mode, the underlying encryption protocol is AES256-GCM-SHA384.

----------

FT-6601, FT-6602, FT-6630 V2.11 Release Notes 12/4/2020

1.0 INTRODUCTION

This release adds the following features:

Formerly, the bridge utilized TLS v1.0 for the transport protocol. This release adds support for TLS v1.2. The end-user may select the transport protocol during configuration. All FTs operating in an application must be configured for the same transport protocol. TLS v1.0 is now considered deprecated and should not be used for new applications.

When operating in TLS v1.2 mode, the underlying encryption protocol is AES256-GCM-SHA384.

The end-user may optionally disable date checking on certificates. Two configuration items were added to "Tunnel - Advanced". One called "Allow not yet valid certificates" and the other called "Allow expired certificates".

When the tunnel starts, it will log the validity period and the serial numbers for the installed CA certificate and the certificate for the local key to the tunnel log. This will aid in debugging certificate errors.

When a peer tunnel presents a certificate that is outside of its validity period, the local tunnel will clearly log the validity period for the peer certificate.

----------

FT-Soft V1.05 Release Notes 12/4/2020

1.0 INTRODUCTION

This release adds the following features:

Formerly, the bridge utilized TLS v1.0 for the transport protocol. This release adds support for TLS v1.2. The end-user may select the transport protocol during configuration. All FTs operating in an application must be configured for the same transport protocol. TLS v1.0 is now considered deprecated and should not be used for new applications.

When operating in TLS v1.2 mode, the underlying encryption protocol is AES256-GCM-SHA384.

The end-user may optionally disable date checking on certificates. Two configuration items were added to the configuration dialog. One called "Allow not yet valid certificates" and the other called "Allow expired certificates".

When the tunnel starts, it will log the validity period and the serial numbers for the installed CA certificate and the certificate for the local key to the tunnel log. This will aid in debugging certificate errors.

When a peer tunnel presents a certificate that is outside of its validity period, the local tunnel will clearly log the validity period for the peer certificate.

----------

FT-6601, FT-6602, FT-6630 V2.1 Release Notes 11/3/2020

1.0 INTRODUCTION

This release corrects several possible vulnerabilities in the configuration web server. This includes addressing the SWEET32 vulnerability in TLS and disabling support for TLS v1.0. The web server will now only support TLS v1.1 and v1.2. As a result, users relying on Windows XP to configure the FT-6601, FT-6602, and FT-6630 systems may find that they can no longer connect to the web server.

----------

FT-Soft V1.04 Release Notes 6/20/2020

1.0 INTRODUCTION

This release adds the following feature to FTSoft for Windows 10:

Support for fail-over to a backup FT Server. Similar to the FT-66xx hardware, FT-Soft can be configured with a backup server IP and port. If a connection to the primary server IP and port cannot be established, FT-Soft will attempt to connect to a backup server IP and port. While connected to the backup, FT-Soft will periodically attempt to reconnect with the primary. Reconnection attempts are randomized between 5 and 10 minutes.

This release also updates the OpenSSL library used by FT-Soft to v1.0.1u and the OpenSSL FIPs cryptographic module to v2.0.8. The FIPs 140-2 certificate is now #1747.

----------

FT-6606, FT-6632 VERSION 3.05 June 8, 2020

This release corrects the following issue:

Multicast-snooping was running even though the configuration was set for disabled. In most applications this would not cause any issue. However, some applications, especially those where the FT is carrying multiple VLANs, may have a problem. The problem would manifest where multicast seems to operate correctly for 5 to 10 minutes, then stop running. Resetting the FT, pulling and reinserting the LAN cable, or stopping and restarting the multicast application would cause the multicast to resume again for 5 to 10 minutes.

----------

FT-6606, FT-6632 VERSION 3.04 August 6,2018

This release corrects the following issue:

-Modified handling of empty Ethernet packets. When running on the 2.6 kernel, empty Ethernet packets did not cause any issue. The system would discard them automatically. With the 4.x series kernel it causes an interface error. This error is non-fatal, but the software will reset the interface, resulting in 1 to 2 seconds of dropped packets. This release will detect and discard empty Ethernet packets before they are sent to the interface driver.

----------

FT-6601, FT-6602, FT-6630 VERSION 2.09 October 11, 2017

This release corrects the following issue:

- The Time-Zone setting was not being passed to all sub-processes. This would cause the time-stamps to be shown in UTC.

----------

FT-6632 VERSION 3.03 October 11, 2017

This release corrects the following issue:

- A change in the Time-Zone setting required a reboot to take effect.

----------

VERSION 3.02 September 19, 2017

This release corrects the following issue:

Ethernet Tunnel configuration changes cause a slow response from the web browser. This issue is not fatal, but is annoying. It is a result of implementing a new MAC address range for the Ethernet controllers and the way MAC addresses are prioritized in a bridge.

----------

FT-6601, FT-6602, FT-6630 firmware Version 2.08 1/27/2017

1.0 INTRODUCTION

This release add the following features:

A layer-3 firewall was added in front of the untrusted tunnel server port. Since the FT products use TCP for the tunnel connection, this opens up the problem of nuisance TCP connections to the server. The layer-3 firewall can be configured to match on source IP addresses and allow or block the connection. The new feature is found on the "Tunnel - Server Firewall" page.

- This modification only applies to the FT-6602. A method of setting the unit to defaults, without a serial terminal was implemented. After applying power, the unit will illuminate all three LEDs on the front of the unit. When all three LEDs turn off, the user must press and hold the reset button. Once the user sees LED 2 blink on then off, the button may be released. The unit will now be running with default settings. The user must then reconfigure the device without removing power. Otherwise the unit will return to the previous configuration.

The system will now attempt a reboot in the event of a system error.

This release corrects the following:

There was a race condition in the tunnel fail-over feature that could result in a client simultaneously connecting to both the primary and alternate server. Any unit configured with fail-over backup connetions should install this update. This issue was corrected in V2.31, but is being repeated in this notice.

If DHCP is enabled and a DHCP lease is lost, the device would receive a new address, but the DNS requests would continue to be sent using the defunct IP address. This would result in never receiving a DNS reply and failure to resolve a name. This type of failure is likely to occur only when a router, also acting as a DHCP server, goes down for a period of time longer than the DHCP lease.

----------

1.0 INTRODUCTION

FT-Soft V1.03 Release Notes 10/20/2015

This release modifies FTSoft for Windows 10.

Please note: If a user attempted to install an older FTSoft package on Windows 10, Windows 10 will have erased the Software Key. They then have two options. 1) Completely uninstall FTSoft and then reinstall with this new package. 2) Install this FTSoft package on top of the old installation. Then go into the "DCB Virtual Ethernet Adapter Properties - Advanced Tab" and manually set the Software Key. Method 2 will preserve their old configuration and security certificate.


----------

FT-6601/02/30 firmware Version 2.07 2/2/2015

1.0 INTRODUCTION

This release add the following features:

Support for remote syslog.

----------

FT-6601, FT-6602, FT-6630 firmware Version 2.06 2/2/2015

1.0 INTRODUCTION

This release add the following features:

- The OpenSSL FIPS encryption module was updated to version v2.0.8 (certificate #1747). OpenSSL was updated to v1.0.1j. These updates allow the FT to support certificates signed with SHA256.

- A new option was added to "Generate CA Key". The user may select between certificates signed with SHA1 or SHA256. This is provided for backward compatibility. Going forward, customers should select SHA256 when setting up a new system. However, if the customer has units running firmware v2.05 or older, they will need to keep using SHA1 certificates. Note: FT-Soft already supports SHA256.

- The FT's web server was configured to refuse SSLv3 connections. SSLv3 is considered broken and should no longer be used.

- The default web server certificate has been updated to SHA256 signature with 2048-bit RSA. Note: This will cause interoperability problems with systems running Windows XP SP2 and older.

- When generating web server/browser certificates, the new certificates will also be SHA256 signatures with 2048-bit RSA.

NOTE: The OpenSSL FIPS v2.0.8 encryption module has more overhead than the older v1.1.2 module we were previously using. This overhead has resulted in a 33% reduction in performance.

This release correct the following:

- v2.05 added support for NTP and timezones, but this introduced a problem with manually setting the time. On boot, the FT reads the time from the RTC and interprets it as UTC. However, when the clock is manually set, it was stored to the RTC in the local time for the timezone. This would cause the time to be wrong the next time the system rebooted.

----------

FT-6601/02/30 firmware Version 2.05 6/19/2014

This release add the following feature: - Network-time protocol (NTP) client support was added. A glitch in the RTC or a dead RTC battery is fatal for the FT products since certificate verification relies on having the correct date and time. This addition helps prevent that condition.

----------

FT-6601/02/30 firmware Version 2.04 1/10/2014

Repaired a UDP Transport mode race condition. When the connection transitions from TCP to UDP where the server may lock-up.

----------

FT-6601/02/30 firmware Version 2.03 9/25/2013

- Added Alias functionality on LAN 2 interface
- Manufacturing version revision.

----------

FT-Soft Software FT Client Version 1.0 5/24/2010 1.0 INTRODUCTION This is the initial release of the FTSoft Windows client.

----------

FT-6601/02/30 firmware Version 2.02 1/24/2011<

Manufacturing version revision. No functional changes.

----------

FT-6601/02/30 firmware Version 2.01 4/27/2010

This release corrects the following:

- The "Addl. Clients" menu item was not displayed when the Tunnel Mode was set to both.

This release adds the following feature to the FT-6601/02/30 firmware:

- The number of simultaneous clients was increased from 4 to 12. The first one is configured on the tunnel configuration page. The additional 11 are configured on the "Addl. Clients" page.

----------

This release V 2.0 adds the following features to the FT-6601/02/30 firmware 3/18/2010: 1.0 INTRODUCTION

- Added UDP Transport support. UDP mode is enabled from the Tunnel-Advanced page. An FT server is now capable of supporting a mix of TCP and UDP clients.

- switched from a blocking to a non blocking name resolver in the bridging code. This is better suited for clients configured to fail-over to a backup server.

- Modified the bridge to automatically switch to 802.1q mode if 802.1q tagged frames are detected.

- Added IGMP snooping feature.

----------


This is the initial release of the FT-6630 firmware.

This is the firmware revision log for the FT family bridges.

FT-6601, FT-6602 VERSION 1.03 10/30/2009

1.0 INTRODUCTION

This release corrects the following in the FT-6601/FT-6602 firmware:

- The bridge server was incorrectly limited to 8 client connections. The limit was raised to 25.

- Local key and Web certificate changes were not being activated requiring the unit to be reset before they would take effect.

1.0 INTRODUCTION This is the initial release of the FTSoft Windows client.

FT-6601 FT-6602 VERSION 1.02 12/05/2008

1.0 INTRODUCTION

Corrected a problem in the bridging software would cause a write_retry failure in the SSL library resulting the the SSL connection being aborted. This manifests whenever there is a backlog of data on the untrusted link.

Corrected a problem in the bridging software could result in a deadlock on the SSL connection. This manifests whenever there is a backlog of bi-directional data on the untrusted link.

----------

FT-6601 VERSION 1.00 10/09/2008

1.0 INTRODUCTION

This is the initial release of the FT-6601 firmware

----------


img
Data Comm for Business Inc.
2949 County Road 1000 E
Dewey, Il 61840
Voice: 217-897-6600
Toll Free: 800-4-DCB-NET
Toll Free: 800-432-2638
Email: Contact Page
Web: www.dcbnet.com
Fax: 217-897-8023
All DCB web pages copyright ©1995- Data Comm for Business, All rights reserved.
EtherPath®, EtherSeries®, EtherPoll®, EtherBridge® and EtherModem® are Registered Trademarks of Data Comm for Business, Inc.