# APC P15 Tool Changelog

## [v0.5.1] - 2024-06-18

Both NMC2 and NMC3 should now be fully supported.

### Added
- Add proper NMC3 support. 
- The `create` function now also generates a .p15 formatted key file.
  The format of this file matches that of what is generated by the NMC 
  Security Wizard.
- Add additional b64 formatted output files when using the `--debug`
  flag with `create`. These files can easily be pasted into an ASN1 
  decoder for inspection (except for the header file, as the header is
  not ASN1 encoded).

### Fixed
- Fix `install` function for NMC3 on newer firmware version by 
  leveraging the native `ssl` command to install the key and cert, if
  it is available. If not available, fallback to the 'old' way of
  installing the SSL cert.
- Fix PowerShell build script in repo. Posted builds were not impacted
  by this as the script is not used by the GitHub Action.

### Changed
- Move APC SSH functions to a separate package and change how commands
  are sent. In particular, leverage the interactive shell to send
  commands and read back the result of those commands.
- Set output file permissions to `0600` instead of `0777`.
- Minor logging updates.
- Leverage `strings.EqualFold` as a more robust alternative to using
  `strings.ToLower` for string comparisons.
- Update Go version to 1.22.4.
- Update readme to clarify tool's purpose, current state, and 
  compatibility.

### Removed
N/A


## [v0.4.2] - 2024-03-29

Fix usage message. Thanks @k725.


## [v0.4.1] - 2024-03-06

Update to Go 1.22.1, which includes some security fixes.


## [v0.4.0] - 2024-02-05

Add `--restartwebui` flag to issue a reboot command to the webui
after a new certificate is installed. This was not needed with
my NMC2, but I suspect some might need it to get the new certificate
to actually load.


## [v0.3.3] - 2024-02-04

Add `--insecurecipher` flag to enable aes128-cbc and 3des-cbc for
older devices/firmwares. These ciphers are considered insecure and
should be avoided. A better alternative is to update the device
firmware if possible.


## [v0.3.2] - 2024-02-04

Add support for 1,024 bit RSA keys. These are not recommended! RSA
1024 is generally considered to not be completely secure anymore.

Add `diffie-hellman-group-exchange-sha256` key exchange algorithm
which may be needed by some UPSes to connect via SSH to use the
install command.


## [v0.3.1] - 2024-02-03

Fixes debug logging always being on. App now accurately reflects
the state of the --debug flag.


## [v0.3.0] - 2024-02-03

Initial release.