Reflection 14.1 Service Pack 3 (SP3): Fixes, Features, and File Download

The Reflection Windows-based products version 14.1 Service Pack 3 (SP3) is available to maintained users who already have 14.1 installed and to customers who have downloaded and installed the version 14.1 evaluation package. This technical note provides information about how to obtain your service pack and a list of features and fixes included in the service pack. Service Pack 3 is cumulative and also applies the features and fixes listed below for earlier service packs.

• Reflection 14.1 SP3 Update 1 released April 2014; see KB 7021738 for release notes.
• For a list of features originally included Reflection 14.1, see KB 7021727.
• For recommendations when upgrading to Reflection 14.1, see KB 7021730.
• For important information regarding security updates and Reflection, see https://support.microfocus.com/security/.

Before you apply the service pack, note the following:

• This document references a Reflection service pack. Service packs are available to licensed Attachmate customers with current maintenance plans for these products. For information about logins and accessing the Download Library, see KB 7021965.
• If you have installed (or plan to install) Reflection Administrator's Toolkit, you must upgrade to the latest version of the Toolkit whenever you upgrade Reflection. The Reflection Administrator's Toolkit features may not work correctly if you are running a version of Reflection that is newer than your Toolkit version. The latest version of Reflection Administrator's Toolkit is available from Attachmate Downloads, download.attachmate.com.
• Removing Reflection software packages (version 9.0 or higher) will result in your users losing settings information for those components that store this information in the registry. This affects Reflection X, Reflection Windows-based products, and the FTP client. To save these settings, refer to KB 7021647, Saving Customized Settings Before Uninstalling Reflection.

This technical note includes the following sections:

Obtaining the Service Pack

The latest Reflection 14.1 Service Pack is available from Attachmate Downloads, download.attachmate.com, and applies to version 14.1 of the following products:

If you have the 64-bit components of Reflection X version 14.1 installed, you must apply the 64-bit service pack.

Note: If you have more than one Reflection product installed on a workstation, applying this service pack will update all products at the same time. (It is not possible to run multiple versions of Reflection Windows-based products on the same workstation.)

For information about applying or uninstalling a service pack, see the following technical notes:

Supported Platforms

For information about platform support in Reflection, see KB 7021763.

New Features and What's Fixed in 14.1 SP3

Beginning with version 14.1 Service Pack 3, Reflection is supported on Windows 8.

The following additional new features and fixes are also included in the Reflection 14.1 Service Pack 3.

Reflection for IBM 14.1 SP3

New Feature

• SSL/TLS connections now support TLS version 1.2.

Resolved Issues

• AS/400 uploads no longer fail with the error "The width of a numeric field in the input file does not match the field size on the host." This issue was seen when uploading a file without including fields when the host field is defined with 4 decimal positions.
• In 5250 sessions, the Transfer in Progress dialog box now displays the actual record count as it did in earlier versions of Reflection. Record counts are now abbreviated only if they exceed 999999.
• Display and response speeds have been improved.
• The cursor is now correctly displayed in the next screen after activating a hotspot
• Resolves a problem that caused 3270 TELNET or SSL sessions to disconnect intermittently when TIMING MARK commands sent from the Host did not get a response.
• This release includes a fix for a potential OpenSSL ASN1 BIO denial of service vulnerability reported in CVE-2012-2110. See https://support.microfocus.com/security/ for details.

Reflection for HP 14.1 SP3

Reflection for UNIX and OpenVMS 14.1 SP3

Reflection for ReGIS Graphics 14.1 SP3

Reflection 14.1 SP3 also includes New Features and Resolved Issues in Secure Shell Updates 14.1 SP3.

New Features

• SSL/TLS connections now support TLS version 1.2.

Resolved Issues

• The Show Host Files button in the File Transfer dialog box is now displayed correctly on Windows 7 when classic mode is enabled.
• Reflection now installs an updated version of one of the Visual Basic software library files (Vbe6.dll version 6.5.10.54). This updated file addresses a security vulnerability described in MS12-046.
• Reflection no longer shuts down unexpectedly when displaying the content of a Japanese UTF-8 file which has long lines without line wrapping.
• The autowrap feature now handles double-byte characters correctly.
• Reflection no longer shuts down unexpectedly when a macro uses the RemoveEvent method to remove events that have been defined using DefineEvent but have not been triggered.
• Reflection now correctly retains a window size that stretches over dual monitors.
• In the File Transfer dialog box, under Local directories, there is no longer a long delay when expanding folders on mapped drives.
• This release includes a fix for a potential OpenSSL ASN1 BIO denial of service vulnerability reported in CVE-2012-2110. See https://support.microfocus.com/security/ for details.

Reflection X 14.1 SP3

Starting with version 14.1 SP3, Low Bandwidth X (LBX) is no longer supported.

Reflection X 14.1 SP3 also includes New Features and Resolved Issues in Secure Shell Updates 14.1 SP3.

Resolved Issues

• Multiple fixes and improvements to GLX/OpenGL support.
• Fixes a problem that caused some graphics to be invisible until the mouse is dragged into the missing image area.
• Fixes a problem with the display of characters in the title bar of an SAS X client when running in a Japanese Windows system.
• Entering special characters using AltGr now works as expected.
• Moving an OpenWindows X client no longer leaves remnants of previous window positions on the Windows desktop.

Reflection FTP Client 14.1 SP3

Reflection FTP Client 14.1 SP3 also includes New Features and Resolved Issues in Secure Shell Updates 14.1 SP3.

New Features

• The file owner is now included in the Server pane display when you configure a detailed display (View > Server Pane(s) > Details).
• The FTP Client now supports a new server type to support NonStop connections. In the Site Properties dialog box, for Server Type, select "NonStop (Guardian API)."
• SSL/TLS connections now support TLS version 1.2.

Resolved Issues

• Improved transfer speed for large files.
• File names containing a semicolon are no longer truncated after a drag-and-drop download.
• The FTP Client no longer closes unexpectedly during some file downloads when "Use structured listing data" is enabled on the Secure Shell tab of the Security Properties dialog box.

Secure Shell Updates 14.1 SP3

New Features

• Secure Shell connections now support SHA256. Support for this newer, more secure algorithm is configured by default. You can view and edit settings in the Encryption tab of the Reflection Secure Shell Settings dialog box or modify settings using config file keywords. The updates made for this support include changes to:
  • Hashed message authentication codes (HMAC)

• Signature algorithms

• Key exchange algorithms

• The scp command line utility supports a new switch (-z) for downloading files from Windows servers. By default filename matches are case-sensitive for all downloads. When you use the -z option, downloads that include wildcards in the server filename specification are not case-sensitive.
• The Reflection Key Agent menu includes a new option, "Use Only SHA1 Signatures." When this option is enabled (the default), the agent uses only SHA1 Signatures. To enable support for SHA256 signatures, uncheck this menu option. Note: Agent forwarding to some servers may not be supported when this option is unchecked because of the length of the reply to the server list request.
• Starting with Service Pack 3, you must explicitly set the RSA signature type to MD5 to connect to older servers that don't support SHA1. Previously the client automatically changed the signature type from SHA1 to MD5 when connecting to version 2.1 to 2.4 (inclusive) servers. Because MD5 is now considered insecure, the client no longer makes this change automatically. This update may cause a connection failure if your current signature setting is SHA1 (the default). To connect to servers that don't support SHA1, use the Encryption tab of the Secure Shell Settings dialog box to change the RSA signature type to MD5.

Resolved Issues

• The public key upload utility now correctly handles key uploads to both ODS-2 and ODS-5 Disk Structures on OpenVMS servers.
• This service pack resolves an issue that caused certificate validation to fail intermittently with certificates configured to use OCSP without using NextUpdate.
• This release includes a fix for a potential OpenSSL ASN1 BIO denial of service vulnerability reported in CVE-2012-2110. See https://support.microfocus.com/security/ for details.

New Features and What's Fixed in 14.1 SP2

The following new features and fixes are included in the Reflection 14.1 Service Pack 2. To view features and fixes relevant to the Reflection product you are using or evaluating, scroll to the appropriate product name below or use these quick reference links:

Reflection for IBM 14.1 SP2

Reflection for IBM 14.1 SP2 includes resolved issues.

Resolved Issues

• CopyPS when called immediately following a session connection no longer returns previous screen data.
• Reflection no longer uses incorrect fonts with 5250 printer emulation on Windows 7.
• The local file list is now correctly updated when you open a saved *.mto file.
• Improved cursor response.
• Reflection no longer closes unexpectedly when "Print to file" is configured and "If file exists" is set to Autonumber.
• Changing the format from Japanese to English in Regional and Language Options no longer causes character corruption in the transfer window.
• AS/400 transfer now successfully handles transfer in which the number of digits after the decimal dot in a transferred file is less than the field size defined on the host.
• Reflection no longer becomes unresponsive when you connect to the ibm3270 simulation file.
• Reflection no longer becomes unresponsive when you change the "Response mode" setting from the Advanced 3270 Telnet Extended dialog box (Connection > Session Setup > Transport = Telnet Extended > Advanced).
• The AES_128 cipher TLS_RSA_WITH_AES_128_CBC_SHA is now an allowed cipher for TLS connections in FIPS mode.
• Security fix for CVE-2011-4576: SSL 3.0 block cipher padding initialization vulnerability. For additional information, see https://support.microfocus.com/security/, "Security Updates and Reflection."

Reflection for HP 14.1 SP2

Reflection for UNIX and OpenVMS 14.1 SP2

Reflection for ReGIS Graphics 14.1 SP2

Reflection for HP, Reflection for UNIX and OpenVMS, and Reflection for ReGIS Graphics 14.1 SP2 include new features and resolved issues.

New Features

• Reflection Secure Shell connections now support SHA256 digital signatures. You can configure this setting from the Encryption tab of the Reflection Secure Shell Settings dialog box, or by setting the x509rsasigtype keyword to sha256.

Resolved Issues

• When the OpenVMS server denies a Telnet connection from a specific IP address, Reflection now displays the message "<Your 'TELNET' connection has terminated>".
• The AES_128 cipher TLS_RSA_WITH_AES_128_CBC_SHA is now an allowed cipher for TLS connections in FIPS mode.
• When the Terminal Type is XTERM, and the "Backspace sends" set to Delete, Reflection now saves this setting correctly.
• Security fix for CVE-2011-4576: SSL 3.0 block cipher padding initialization vulnerability. . For additional information, see https://support.microfocus.com/security/, "Security Updates and Reflection."

Reflection 14.1 SP2 also includes Resolved Secure Shell Issues 14.1 SP2.

Reflection X 14.1 SP2

Reflection X 14.1 SP2 includes new features and resolved issues.

New Features

• Reflection X now supports user-based authentication for X client connections from localhost. Use this feature to ensure that an X client that is run locally, or through an SSH tunnel, is not given full access to the server. To configure this:

1. Enable user-based security (Settings > Security > User-based security).
2. Enable access control for local clients (Setting > View Settings > Enable access control for local clients = 1).

• Reflection X now supports the EXT_blend_logic_op extension.

Reflection 14.1 SP2 also includes New Secure Shell Features 14.1 SP2.

Resolved Issues

• The Shift key no longer becomes stuck (acting as if it is pressed when it is not) when a computer-generated sequence of keystrokes includes a shifted key followed by certain function keys. This fix supports use by speech recognition software that send sequences of shifted and unshifted arrows.
• The X root window now displays at the chosen size without displaying scroll bars when X terminal desktop is enabled, the X root window has been manually resized, and panning is disabled.
• Reflection X now reads the profile definition file, rx.ini from these documented locations:

• You can now manually edit the IP address field. (Settings > Network > IP Macro Expansion > IP)
• The mouse cursor now displays correctly on the X client window when Windows is set to a color depth of less than 32 bits.
• Reflection X no longer displays an error message (RX2158) when you unlock a PC screen saver with a password.
• Reflection X now treats single row Japanese fonts as if they are composed of single byte characters. This resolves a problem that caused the client to disconnect from Reflection X upon opening a submenu in Kanji.
• Panning no longer causes screen display errors when the virtual screen sizes is set larger than the physical monitor size.
• Fix for a problem that caused some areas to be intermittently filled with lines while zooming.
• Command lines that launch Reflection X with the X manager minimized no longer fail with an application error. This resolves an issue that was introduced in 14.1 SP1.

Reflection 14.1 SP2 also includes Resolved Secure Shell Issues 14.1 SP2.

Reflection FTP Client 14.1 SP2

Reflection FTP Client 14.1 SP2 includes new features and resolved issues.

New Features

• The Site Properties information tab now includes SSL and SSH security information when you are connected to a host using either of those protocols.

Reflection 14.1 SP2 also includes New Secure Shell Features 14.1 SP2.

Resolved Issues

• Connections made through the Reflection for the Web security proxy will now reliably open the data channel.
• The FTP Client no longer closes with an application error when you have installed software that creates a custom right-click context menu. This problem was seen when the Workshare Compare component of Workshare Professional is installed on the user computer.
• Site names with Japanese characters are now saved correctly in the FTP Client settings file, and are displayed correctly in the Connect to FTP Site dialog box.
• The LastError property of the FTP Client API is now set appropriately when a transfer is interrupted by a network failure.
• Security fix for CVE-2011-4576: SSL 3.0 block cipher padding initialization vulnerability. . For additional information, see https://support.microfocus.com/security/, "Security Updates and Reflection."
• Security fix for a heap overflow vulnerability in the FTP Client. For additional information, see https://support.microfocus.com/security/, "Security Updates and Reflection."

Reflection 14.1 SP2 also includes Resolved Secure Shell Issues 14.1 SP2.

Secure Shell Updates

The following Secure Shell updates apply to these Reflection applications:

New Secure Shell Features 14.1 SP2

• Reflection Secure Shell now supports SHA256 digital signatures. You can configure this setting from the Encryption tab of the Reflection Secure Shell Settings dialog box, or by setting the x509rsasigtype keyword to sha256.

Resolved Secure Shell Issues 14.1 SP2

• Reflection Key Agent Manager no longer closes with an application error when you import a certificate from the Windows certificate store (File > Import Certificate from System Store).
• Secure Shell connections no longer fail because Reflection could not create a .pki folder in the My Documents folder when it has been redirected to a network share. This folder is now created correctly.
• Agent forwarding now works correctly when authentication uses the public key from a smart card.
• The ssh -t switch now allows ssh to be used interactively.

New Features and What's Fixed in 14.1 SP1

The following new features and fixes are included in the Reflection 14.1 Service Pack 1. To view features and fixes relevant to the Reflection product you are using or evaluating, scroll to the appropriate product name below or use these quick reference links:

Reflection for IBM 14.1 SP1

Reflection for IBM 14.1 SP1 includes new features and resolved issues.

New Features

• A new Undo command is now available from the Edit menu for use with Reflection editing operations.
• A new setting is available to control how Reflection handles pasted text when the text is longer than the current field. To configure the setting, use View Settings > Paste Wrap Down. If this setting is No, text is wrapped to the next input field on the screen; if it is Yes, text is wrapped to the next input field directly below the current field. This option is effective only if "Wrap text to next line" is enabled and "Mask protected fields" is not. Paste behavior is also affected by the current value of the "Use field delimiters" setting.
• You can now specify which certificate to use for client authentication in SSL/TLS connections. To configure this, open the Security Properties dialog box, enable "Use SSL/TLS security," and click Configure PKI. Under Client Authentication, select "Use selected certificate for authentication," then click Select.

Resolved Issues

• Fix for a problem in Japanese 3270 terminal sessions that caused the screen to flicker after a key press.
• Pasting large amounts of data to a terminal session no longer causes Reflection to close with an application error.
• Restore correct STRPCCMD functionality. (This corrects a problem that was introduced in 14.0 SP2.)
• SO/SI characters are now handled correctly in copy and paste operations in 3270 terminal sessions.
• The Reflection process (R8win.exe) is now correctly released from memory after a Save action is done from a Reflection session that has a Visual Basic reference to another Reflection settings file (*.rsf).
• Fix for character display problems in 3270 terminal sessions configured for Japanese DBCS.
• Reflection no longer requires a case-sensitive match between the host name and the certificate Subject Alternate Name in SSL/TLS connections configured with "Certificate host name must match host being contacted" enabled.
• HLLAPI function 6 (SearchPS) will now find a string that spans more than one field.
• Fix for intermittent FTP file transfer fails with "...connection cannot be established..." while actually downloading the file.
• In Japanese sessions, special characters entered in the Answerback string field are now properly retained.

Reflection for HP 14.1 SP1

Reflection for UNIX and OpenVMS 14.1 SP1

Reflection for ReGIS Graphics 14.1 SP1

Reflection for HP, Reflection for UNIX and OpenVMS, and Reflection for ReGIS Graphics 14.1 SP1 include new features and resolved issues.

New Features

• You can now specify which certificate to use for client authentication in SSL/TLS connections. To configure this, open the Security Properties dialog box, enable "Use SSL/TLS security," and click Configure PKI. Under Client Authentication, select "Use selected certificate for authentication," then click Select.

Reflection 14.1 SP1 also includes New Secure Shell Features 14.1 SP1.

Resolved Issues

• Reflection no longer closes with an application error if an attempt to configure a modem is made and no modem is available.
• Reflection no longer closes with an application error on disconnect from SSL or SSH connections configured to use CRLs.
• Fix for an error that reported “missing or invalid provider DLL. Device not in reader” while configuring PKCS# 11 when running 32-bit Reflection on 64-bit Windows 7.
• Fix for a buffer overflow vulnerability in the Reflection ActiveX Control ‘ControlID’ buffer.
• Changing the host character set no longer affects the control sequences that Reflection sends to the host. This fixes a problem that prevented use of the Page Up and Page Down keys when Reflection is configured to use the DEC 1983 Kanji character set.
• Because Visual Basic for Applications is not supported on 64-bit systems, the Connection Wizard and the Reflection terminal window running no longer include options for recording macros when running on 64-bit systems.
• Fix for a problem where typed characters sometimes appeared very slowly in the terminal window in SSL sessions.
• Reflection no longer requires a case-sensitive match between the host name and the certificate Subject Alternate Name in SSL/TLS connections configured with "Certificate host name must match host being contacted" enabled.
• VT ReGIS graphic objects that are shaded by using text characters now display correctly.

Reflection 14.1 SP1 also includes Resolved Secure Shell Issues 14.1 SP1.

Reflection X 14.1 SP1

Reflection X 14.1 SP1 includes new features and resolved issues.

New Features

• The Network Settings options for configuring IP macro expansion have been updated. For specifying a specific IP address, Reflection now detects all available IPv4 and IPv6 interfaces and displays a drop-down list of available options.
• Converted trace files now include Windows message names and time of day.
• The log file now shows starting and stopping times of Rx.exe.
• Negative display coordinates are now supported.
• A new setting is available to configure what happens to an existing log file when Reflection X is restarted. To configure this setting, go to View Settings > Append to an existing log file. When this setting is No (the default), the existing log file is replaced by a new log. When it is Yes, new log information is appended to the existing file.

Reflection 14.1 SP1 also includes New Secure Shell Features 14.1 SP1.

Resolved Issues

• Taskbar icons for minimized CDE host applications now disappear as expected.
• Arabic (iso8859-6) is now included in the list of available Windows fonts.
• The Reflection X Manager icon now remains in the System Tray after Windows Explorer (explorer.exe) is restarted.
• The Solaris XDMCP login screen now returns to view after the language option has changed.
• The Reflection X Profiler no longer closes with an application error when X terminal desktop is selected under Window Manager Settings and X Screen settings are also modified.
• ILOG pop-up windows now show correct window decoration (display of the title bar, close button, window border, etc.) This fixes a problem seen when running an X application called Quartus II.
• Fix for a problem that caused some characters to appear backwards (flipped sideways) when RENDER is enabled.
• Fix for display problems with the Host Key Authenticity dialog box.
• When Reflection Window Manager is enabled, the second X client window you open no longer displays behind the X Manager window.
• Motif X client windows no longer lose focus or move to the background as the result of user actions in pop-up windows.
• Error messages problems have been corrected for errors RX2158 and RX2159.
• Fix for a problem that caused Shift to remain in effect even when the Shift key is not pressed. This problem occurred when a computer-generated sequence of keystrokes (for example from autokey, sendkeys, or a voice recognizer) included a shifted key followed by certain "function" keys like home, end, insert.

Reflection 14.1 SP1 also includes Resolved Secure Shell Issues 14.1 SP1.

Reflection FTP Client 14.1 SP1

Reflection FTP Client 14.1 SP1 includes new features and resolved issues.

New Features

• SFTP transfers now support SFTP version 4. This change provides UTF-8 character support. A new keyword, SftpVersion, is available to configure which version is used. Valid values are 3 and 4. When this setting is 4 (the default), the connection uses SFTP version 4 if the server supports it, and drops to version 3 if the server doesn’t support version 4. If this setting is 3, the client always uses SFTP version 3.
• You can now configure default permissions for directories created by the client. To configure a global default, use Tools > Options > Directory Attributes > Set default directory attributes on creation. To see a confirmation dialog before a new directory is created, open the site Properties dialog box and use Directories > Show attributes before creating directory.
• The FTP Client now supports connections to Sterling Connect servers. To configure connections to these servers, open the site Properties dialog box and set "Server type" to "Auto detect" the default) or "Sterling Connect."
• The FTP Client API includes a new SSHConfigDir property for specifying the folder used for storing the Secure Shell config file, known host keys, and user keys. This property is only relevant when UseSSH is True.
• You can now specify which certificate to use for client authentication in SSL/TLS connections. To configure this, open the Security Properties dialog box, enable "Use SSL/TLS security," and click Configure PKI. Under Client Authentication, select "Use selected certificate for authentication," then click Select.

Reflection 14.1 SP1 also includes New Secure Shell Features 14.1 SP1.

Resolved Issues

• The client now consistently saves passwords when "Save my password as obfuscated text" is enabled.
• Large SFTP file downloads that are interrupted by a network failure no longer cause the client to shut down with an rftpc.exe Application Error.

Reflection 14.1 SP1 also includes Resolved Secure Shell Issues 14.1 SP1.

Secure Shell Updates 14.1 SP1

The following Secure Shell updates apply to these Reflection applications:

New Secure Shell Features 14.1 SP1

• SFTP transfers now support SFTP version 4. This change provides UTF-8 character support. A new keyword, SftpVersion, is available to configure which version is used. Valid values are 3 and 4. When this setting is 4 (the default), the connection uses SFTP version 4 if the server supports it, and drops to version 3 if the server doesn’t support version 4. If this setting is 3, the client always uses SFTP version 3.
• You can now configure the client to automatically add keys used for authentication to the Key Agent. To configure this in the Secure Shell settings dialog box, open the User Keys tab and select "Add key used for authenticating to host to key agent." To configure this in the config file, set AddAuthKeyToAgent=yes.
• You can now configure the client to attempt public key authentication using all available keys, regardless of whether the Use checkbox is selected on the User Keys tab. To configure this in the Secure Shell settings dialog box, open the User Keys tab and select "Use all keys for authenticating to the host." To configure this in the config file, set AuthUseAllKeys=yes.

Resolved Secure Shell Issues 14.1 SP1

• The registry key UseSshConfigSchemes now works correctly with the ssh2, scp2, and sftp2 command line utilities running on Windows 2008 R2.
• Executing a sftp -l file-name command now returns an error as expected if the filename includes a hyphen (-) and the specified file doesn’t exist.
• The scp command now executes as expected when the command includes two filenames that include an absolute path.
• The scp command now correctly handles transfers in which more than four files are specified on a single scp command line.
• You can now run an sftp batch file using the Task Scheduler on Windows Server 2008 and Windows Server 2003.
• The sftp get command now handles wildcard characters correctly when logged into a chrooted environment.
• When an scp copy to the server is interrupted by a server reboot, the error returned is now 7. Previously the client received a message saying, "an existing connection was forcibly closed by the remote host, Connection closed to xxxx error: Send message failed." however, the return code was zero.
• Smart card authentication no longer fails after about 30-50 repeated connections.
• Entries in the ssh config file are now consistently case-sensitive.
• When Reflection is configured for PKCS #11, it now automatically detects ActivIdentity client DLLs that are installed to the default Program Files folder as well as older DLLs that are installed in Windows\System32.
• Connections to servers using the SSH1 protocol now work as expected.
• From the Reflection Customization Manager, you can now select the Reflection Key Agent in the list of available features to install; and the Key Agent is now available in the list of Shortcuts to edit.

Legacy KB ID