Axway Electronic Signature 2.9.2 Release Notes

Document version: 1 October 2018

New features and enhancements

  • Security
    • TLS 1.2 enforcement: TLS 1.2 is the default TLS protocol for Electronic Signature.
    • TLS 1.2 is mandatory by default (but can be relaxed) for the following connections:
      • Administration UI
      • EBICS channel (connection to EBICS Server)
      • PassPort connection
  • Oracle Database schema refactoring
    • On Oracle, a unique set of partitioned tables is used for all payments instead of a set of tables for each payment

Fixed problems

This section lists corrections since Electronic Signature 2.9.1 SP1. For details of corrections included in a service pack or patch, refer to the corresponding Readme file available from the Axway Support website.

Case ID Internal ID Description
758848 D-96559

Freeze of Electronic Signature

In some situations, when the list of payments contained a large number of payments, the GUI would freeze after the signature of payments. This has been fixed.

769495 D-88981

Issue with the retrieve SSL command line across a proxy

Retrieval of EBICS Server's SSL certificate would not go through the proxy set on the bank. This has been fixed.

772350 D-90175

JAR signed with an expired certificate

Applet JAR was signed but did not contain any timestamp. This has been fixed.

784537 D-94447

Error during deleting proxy from bank in adminClient

It is now possible to remove the proxy from a bank using the adminClient command line (option –ph none)

800280 D-89194

Renew keys applies new authentication cert to both authentication and encryption

Now it is possible to renew authentication and encryption certificates with distinct certificates.

800570 D-91133

Issue with the .cer certificate for renew Keys

Only PKCS#12 are allowed for renewing keys/certificates. Attempting to provide anything else is now properly rejected.

800464 D-97412

Data received even when Fetch is in error

Fetch result would be forwarded to the client's back end, even if it failed. This only happened on Windows, and has been fixed.

Known issues

Case ID Internal ID Description
D-86767

The modification of the Database URL is not taken into account when using the installer's Configure function

The Installer does not allow you to configure an update to the Oracle DB URL with a service name. Configuration must be done directly in the configuration.properties file.

D-100125

Electronic Signature – Old payment details show some errors in logs

After upgrade, error messages appear in the log for migrated payments. The severity of the messages is wrong (should be Warning or Info) because the missing payment details are correctly regenerated.

D-101830

PassPort installed on AIX does not support TLSv1.2 in SSO mode

When running Electronic Signature in SSO mode with a PassPort server installed on AIX, you must set the server.ssl.supportedProtocols property in the Electronic Signature configuration.properties file to TLSv1,TLSv1.1,TLSv1.2

D-101847

On Solaris, the MFT scripts may not correctly resolve the EBICS install directory

If /bin/sh is not set to a POSIX/XPG4 compatible shell (for example /usr/xpg4/bin/sh) the EBICSROOT variable in all <INSTALL_ROOT>/mft .sh files must be manually set to the <INSTALL_ROOT> directory. For example EBICSROOT=/opt/axway/ES/ElectronicSignature

D-101855

The default TLS cipher suite names are not compatible with the IBM JRE on AIX

After installation, the TLS cipher suites present in the configuration.properties file must be modified to replace TLS with SSL. This affects both the server.ssl.supportedCipherSuites and conf.supportedCipherSuites options. For example:

NOT AIX Compliant:

<prefix>.supportedCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA

AIX Compliant:

<prefix>.supportedCipherSuites=SSL_RSA_WITH_AES_256_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,
SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA

Documentation

Electronic Signature documentation set

To find all available documents for this product version:

  1. Go to https://docs.axway.com/bundle.
  2. In the left pane Filters list, select your product or product version.
Note   Customers with active support contracts need to log in to access restricted content.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.

 

Related Links