Reflection for Secure IT Windows Client 8.2

October 2020

Your Reflection for Secure IT Windows Client includes new features, improves usability, and resolves several previous issues.

Introduction

Reflection for Secure IT Windows Client 8.2 is available now for new and existing customers. These release notes provide information about how to obtain this release and a list of features and fixes included in this version of Reflection for Secure IT Windows Client. They also include fixes in Reflection FTP, which is included with Reflection for Secure IT Windows Client.

For important information regarding security updates, see Security Alerts - Reflection for Secure IT Client for Windows.

What’s New

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs.

Reflection for Secure IT Windows Client

  • Redesigned dialog boxes for configuring secure connections. The Reflection Secure Shell Settings and SSL/TLS Security Properties Dialog boxes have been updated in this release as part of a greater redesign of Micro Focus products.

  • Improved the “look and feel” (font, colors, and icons) of the redesigned Secure Shell Settings and Security Properties Dialog boxes.

  • Added support for Elliptic Curve Cryptography (ECC) algorithms in SSH. Support for ECDSA and EdDSA (curve 25519) algorithms can be used for key-exchange, host authentication, and user authentication.

  • Added support for algorithms rsa-sha2-256 and rsa-sha2-512 for Secure Shell user and host authentication.

  • Added a new setting to the ssh config file: PubkeyAlgorithms allows an administrator to configure what public key algorithms key(s) will be used and in what order. For additional information on the keyword, see the help topic Configuration File Keyword Reference - Secure Shell Settings.

  • Modified an existing SSH keyword setting x509rsasigtype. A new value was added and the default value changed for this keyword. For additional information on the keyword, see the help topic Configuration File Keyword Reference - Secure Shell Settings.

  • Removed Kerberos settings from the Secure Shell Settings and Security Properties dialog boxes in this release.

  • Added support to send a complete certificate chain when the client identity is in the SystemStore. See product documentation for supported algorithms.

  • Enhanced the usability of logging to include Negotiated Host Key Algorithm and the Key Exchange method name.

  • Added the capability to access, set, and lock down individual security settings via Group Policy or Permissions Manager.

Reflection FTP Client

  • Added support for TLS version 1.3 for IBM, VT, Unisys, T27, and FTP sessions.

  • Developed a new option for users to select the appropriate certificate during TLS connections. When 'Prompt for certificate' is selected during the connection, the Select Certificate dialog presents the user with options to select from based on information from the Server’s Certificate Request message.

  • Added support for algorithms rsa-sha2-256 and rsa-sha2-512 for Secure Shell user and host authentication.

  • Added the setting Custom Ciphers to the Encryption Strength section of the Security Properties dialog box that allows user to select specific ciphers.

  • Updated the TLS Encryption Strength terms to Recommended Ciphers and Custom Ciphers. The Recommended Ciphers option allows Micro Focus to determine a recommended encryption strength that will be updated in line with industry encryption standards.

    Session files from previous versions of Reflection that use default, 168, 128 or 256 bit Encryption Strength will be imported as Custom Ciphers to maintain the list that was used in prior versions for those settings options.

  • Added the following warning message to the Security Properties Dialog Box when a user selects TLS 1.0.

    "The SSL/TLS version selected is no longer a secure protocol. Any sensitive data transmitted over this connection could be compromised."

Obtaining the Update

Maintained customers are eligible to download the latest product releases at https://download.attachmate.com/Upgrades/. You will be prompted to login and accept the Software License Agreement before you can download a file.

If you have already installed Reflection for Secure IT Windows Client, you can apply this update to your existing installation. New installations automatically include this update.

For information about installing, see the Knowledge Base article Using the Attachmate Downloads Web Site.

Resolved Issues

  • Improved support for ActivClient when configured for PKCS#11.

  • Improved support of managed SSH sessions for PKIc when managing Reflection sessions in Micro Focus Management and Security Server.

  • Fixed the sftp comand line -q option to display the correct output data when certain commands are executed while the switch is invoked. This fix restores the original behavior for the -q option.

Known Issues

You may encounter the following issue:

FIPS 140-2 validated crypto module status.

The crypto module that ships with this release is not FIPS 140-2 validated, but an upcoming release will provide a FIPS 140-2 validated module. Enabling FIPS in your secure connection configurations will cause the connection to fail.

Legal Notice

© Copyright 2020 Micro Focus or one of its affiliates.

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.