Released: Jun 25, 2026

Updates in 8.0.9673

Funktionen

• ML-KEM support in TLS - Rebex TLS library adds support for post-quantum ML-KEM key encapsulation algorithm, as part of the following hybrid key agreement ciphers: X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM102. ML-KEM is supported out-of-box on PQC-enabled Windows with .NET 3.5 or higher. On other platforms, a PQC plugin is needed.
• ML-DSA support in TLS - Rebex TLS library also adds support for post-quantum ML-DSA signature algorithm. This is currently 'experimental', because the protocols have not been finalized yet. However, Rebex libraries with ML-DSA are already perfectly suitable for real-world testing, and are compatible with third-party clients and servers, such as mldsa.digicert.com. ML-DSA is supported out-of-box on PQC-enabled Windows with .NET 3.5 or higher, or on up-to-date Linux with .NET 10. On other platforms, a PQC plugin is needed.
• Client-side OCSP stapling in TLS - OCSP stapling improves the performance and privacy of certificate revocation checking by allowing the server to send a signed OCSP response during the TLS handshake, eliminating the need for the client to contact the certificate authority directly.
• Brainpool curve support in TLS - This version adds support for named groups and signature schemes based on Brainpool elliptic curves to TLS 1.3 (RFC 8734). (Brainpool curves have already been supported in TLS 1.2.).
• FIPS 140-3 mode and cryptography updates - Instead of FIPS 140-2, the UseFipsAlgorithmsOnly setting now enables 'FIPS 140-3 mode', which limits usage of cryptographic algorithms, and forces usage of cryptographic modules to those provided by .NET or the operating system. Also migrated from the legacy CryptoAPI to the new Windows CNG API. Certificate.LoadPfx, CertificateChain.LoadPfx and Certificate.Associate methods now prefer CNG key stores by default instead of legacy CryptoAPI key stores. HKDF key derivation in XtsStream and FileEncryption classes has been updated to support SHA-2 family of hashes.
• API updates, changes and deprecations - Version 8.0 of Rebex libraries introduces some breaking changes, either due to abandoning long-deprecating APIs, for security reasons, or to fix compatibility with third-party tools.