60870-5-101/104 v2.4.0 Released — Enhanced Security and IEC 62351-3 Compliance

Written by Michael Zillgith

IEC 60870-5-101/104 C Source Code Library | Updates

27. February 2026

We at MZ Automation are happy to announce we have just released an update of our IEC60870-5-101/104 Library. This update includes multiple enhancements related to security protocols such as improved communication compatibilities, expanded IEC 62351 alignment, and increased control, among other refinements, thus enabling commercial users to achieve security goals and compliance.

What This Release Delivers

Improved Secure Communication Capabilities

Version 2.4.0 of our IEC60870-5-101/104 Library introduces enhancements related to secure TLS communication aligned with IEC 62351-3. These improvements further strengthen encrypted CS104 deployments and ensure more consistent behavior in secure environments.

Key highlights:

  • Secure authentication integration hooks (IEC 60870-5-7:2013)
  • Improved IEC 62351 & 62351-100-3 TLS compliance
  • New threadless CS104 client mode for deterministic integration
  • Enhanced CA validation and interrogation handling
  • Improved session and timeout correctness

Expanded Security & IEC 62351 Alignment

Version 2.4.0 strengthens security integration and compliance in several key areas:

Updated TLS Integration (mbedTLS 2.28 & 3.6)

  • Improved compliance with IEC 62351 security event requirements
  • Added security-related warnings and alarms aligned with IEC 62351-100-3 test cases
  • Refined integration behavior for mbedTLS 3.6 environments

These improvements enhance interoperability with cybersecurity test environments and regulated utility infrastructures.

Secure Authentication Integration (IEC 60870-5-7:2013)

This version introduces integration hooks for the Secure Authentication module (IEC 60870-5-7:2013).

The secure authentication functionality itself is available as a commercial add-on, allowing customers to extend their systems with cryptographic command authentication where required by modern grid security policies.

This ensures a scalable path toward higher security requirements without architectural redesign.

Advanced CS104 Client Enhancements

A new threadless client mode has been introduced:

  • CS104_Connection_startThreadless
  • CS104_Connection_stopThreadless
  • CS104_Connection_run

This enables deterministic integration into embedded systems or event-loop-based architectures without requiring internal threading.

Why this matters:
OEMs working with real-time operating systems (RTOS) or strict scheduling constraints can now integrate CS104 more predictably and with tighter resource control.

Improved Timeout & Session Handling

  • Proper T1 timeout handling during STARTDT/STOPDT confirmation
  • Refined behavior for unconfirmed message handling during connection closure

These changes improve protocol correctness under edge-case network scenarios and help prevent undefined session states.

Stronger Command Validation & CA Handling

Security and protocol robustness were further enhanced in slave implementations:

  • Added CS101_IsCAAllowedHandler callback for validating allowed Common Addresses
  • Rejection of broadcast CA where not permitted by command type
  • Additional interrogation handling options for better compliance with priority rules

These features give system developers greater control over command acceptance policies and improve compliance with IEC behavior expectations.

Improved Interrogation & Message Ordering

  • New IMasterConnection_sendASDUEx to allow bypassing queues when strict message ordering is required (e.g., GI responses)
  • Updated CS104 server example demonstrating standard-compliant interrogation handling

These refinements improve deterministic response behavior during General Interrogation procedures — especially important in interoperability test scenarios.

Build & Integration Updates

  • Updated minimum required CMake version (compatible with CMake 4.0)
  • Added CS104_Connection_isConnected utility function

Stability & Reliability Improvements

This release also includes refinements addressing rare edge-case conditions in queue handling and STOPDT processing, further strengthening runtime stability in production deployments.

As always, all updates are validated in real-world integration environments.

Why This Release Is Important for Commercial Users

For customers operating in energy automation, grid infrastructure, and industrial telecontrol systems, v2.4.0 provides:

  • Improved IEC 62351 security alignment
  • A migration path toward secure authentication
  • Deterministic CS104 integration options
  • Stronger command validation controls
  • Enhanced protocol correctness in edge conditions

The commercial license ensures:

  • Professional engineering support
  • Long-term maintenance and lifecycle stability
  • Legal clarity for OEM and product integration

Customers with active maintenance can request the latest version immediately.

If you would like to discuss upgrading to IEC 60870-5-101/104 v2.4.0 or activating a commercial license, please contact our sales team.

Follow Us

Follow us on our LinkedIn page. We will also be releasing new videos on our YouTube channel.

You May also Like…

IEC60870 Test Tool — New Version Released

Feb 27, 2026

We are pleased to announce a new release of our IEC60870-5-101/104 Test Tool, enhancing its professional feature set with powerful message filtering capabilities designed to accelerate testing and debugging of IEC 60870-5-101/104 communication. The IEC60870 Test Tool is a commercial engineering software solution widely used by OEMs, utilities, and system integrators for validating telecontrol communication behavior.

Company

About us

What we do

Links

Products

Privacy Policy

Legal Information

FAQ

Contact

Merzhauser Str. 76A, 79100 Freiburg

info@mz-automation.de

+49 7681 – 20 91 980

Follow Us