Environment
Reflection Desktop Pro
Reflection Desktop for X
Reflection Desktop for IBM
Reflection Desktop for UNIX and OpenVMS
Reflection 2014
Reflection Pro 2014
Reflection X 2014
Reflection for IBM 2014
Reflection for UNIX and OpenVMS 2014
Reflection Standard Suite 2011
Reflection for IBM 2011
Reflection for UNIX and OpenVMS 2011
Host Access Management and Security Server version 12.2
Reflection ZFE version 2.0.1
Reflection for the Web version 12.2 (All Editions)
Reflection for the Web 2014 (All Editions)
Reflection for the Web 2011 (All Editions)
Reflection for the Web 2008 (All Editions)
Reflection Security Gateway 2014
Extra! X-treme version 9.0 SP2 or higher
InfoConnect version 8.1 or higher
InfoConnect Desktop version 16.0 or higher
Reflection for UNIX and OpenVMS version 14.0 or higher
Reflection for HP with NS/VT version 14.0 or higher
Reflection X 2011
Reflection Suite for X 2011
Reflection X Advantage
Reflection X version 14.0 or higher
Reflection for Secure IT
Reflection for Secure IT Gateway
Reflection PKI Services Manager
Verastream Host Integrator version 7.0 or higher
Verastream Process Designer R4 SP1 or higher
Verastream SDK for Unisys and Airlines version 5.0
FileXpress Gateway version 1.0
Situation
Resolution
Attachmate and Micro Focus Products and FIPS Mode
To meet FIPS 140-2 standards, Attachmate products must be run in FIPS mode and use specific FIPS-validated cryptographic modules. When running in FIPS mode the module’s security policy (the definition of what the module has been certified to do) is used for secure connections. To view the detailed cryptographic module security policy, click the certificate link below for the specific certificate number.
Note: Contact your Chief Information Security Officer for information about the implications and applicability of using FIPS 140-2 validated cryptography on all of your systems.
Refer to the tables below to verify that your Attachmate products contains a FIPS 140-2 validated crypto module.
Cryptographic Library version 3
The following products use Attachmate Cryptographic Library version 3. This module includes the OpenSSL FIPS Object Module version 2.0.2, which has been validated by the National Institute of Standards and Technology (NIST), certificate #1747: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747.
Note: On AIX POWER 64-bit only, library version 3.3.x includes the OpenSSL FIPS Object Module 2.0.11. OpenSSL FIPS Object Module version 2.0.11 has been validated by the National Institute of Standards and Technology (NIST), certificate #2398: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2398.
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Extra! X-treme |
9.3 SP1 HF7 (9.3.1.2643) |
atmcrypto.dll |
3.2.70.0 |
| InfoConnect Desktop products |
16.0 |
atmcrypto.dll |
3.2.73.0 |
| InfoConnect |
9.2 SP1 U1 HF2 (9.2.1.2762) |
atmcrypto.dll |
3.2.73.0 |
| InfoConnect |
9.2 SP1 HF8 (9.2.1.2735) |
atmcrypto.dll |
3.2.70.0 |
| Reflection Desktop products |
16.0 |
atmcrypto.dll |
3.2.73.0 |
| Reflection 2014 |
R1 SP1 HF8 (15.6.1.808) |
atmcrypto.dll |
3.2.70.0 |
| Reflection 2014 |
R1 SP1 (15.6.1.746) |
atmcrypto.dll |
3.2.35.0 |
| Reflection 2014 |
R1 (15.6.0.636) |
atmcrypto.dll |
3.2.30.0 |
| Reflection for Secure IT Client for Windows |
7.2 SP4 U1 (7.2.4303) |
atmcrypto.dll |
3.2.72.0 |
| Reflection for Secure IT Client for Windows |
7.2 SP4 HF4 (7.2.4290) |
atmcrypto.dll |
3.2.70.0 |
| Reflection for Secure IT Gateway (SSH Proxy component) |
1.1 (1.1.1079) |
atmcrypto.dll |
3.3.72.0 |
| Reflection for Secure IT Server for Windows |
8.2 SP1 Update 1 (8.2.1100) |
Atmcrypto.dll |
3.3.89.0 |
| Reflection for Secure IT Server for Windows |
8.2 SP1 (8.2.1079) |
atmcrypto.dll |
3.3.72.0 |
| Reflection for Secure IT Server for Windows |
8.2 HF2 (8.2.131) |
atmcrypto.dll |
3.2.70.0 |
| Reflection for Secure IT Server for Windows |
8.2 |
atmcrypto.dll |
3.2.39.0 |
| Reflection for Secure IT Server for Windows |
8.1 |
atmcrypto.dll |
3.1.12.0 |
| Reflection for Secure IT Server and Client for UNIX See the note above for installations on AIX POWER |
8.0 SP2 |
libatmcrypto.so.3.3 libatmcrypto.sl.3.3 |
3.3.71 |
| Reflection for Secure IT Server and Client for UNIX |
8.0 SP1 HF3 (8.0.1.74) |
libatmcrypto.so.3.2 libatmcrypto.sl.3.2 |
3.2.76 |
| Reflection for HP, IBM, or UNIX and OpenVMS |
14.1 SP4 U1 HF5 (14.1.4502) |
atmcrypto.dll |
3.2.73.0 |
| Reflection for HP, IBM, or UNIX and OpenVMS |
14.1 SP4 HF4 (14.1.4476) |
atmcrypto.dll |
3.2.70.0 |
| Reflection X |
14.1 SP4 U1 HF5 (14.1.4502) |
atmcrypto.dll |
3.2.73.0 |
| Reflection X |
14.1 SP4 HF4 (14.1.4476) |
atmcrypto.dll |
3.2.70.0 |
| Verastream Host Integrator (on Windows) – see also KB 7021544 |
7.7 7.6 SP1 7.6 |
atmcrypto.dll atmcrypto.dll atmcrypto.dll |
3.2.40 3.2.35.0 3.2.23.0 |
| Verastream Host Integrator (on Linux and Solaris) – see also KB 7021544 |
7.7 7.6 SP1 7.6 |
libatmcrypto.so.3.2.40 libatmcrypto.so.3.2.35 libatmcrypto.so.3.2.0 |
3.2.40 3.2.35 3.2.0 |
| FileXpress Gateway |
1.0 HF4 (1.0.0.369) |
Atmcrypto.dll |
3.2.80.0 |
| FileXpress Gateway |
1.0 HF3 (1.0.0.368) |
atmcrypto.dll |
3.2.70.0 |
| FileXpress Gateway |
1.0 |
atmcrypto.dll |
3.2.39.0 |
Cryptographic Library version 2.0.40
Attachmate cryptographic library version 2.0.40 is used in the following products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #1027: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1027
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Extra! |
9.1 – 9.2 SP1* |
rssccm.dll |
2.0.40 |
| InfoConnect |
9.0 SP1 – 9.1 SP1 |
rssccm.dll |
2.0.40 |
| Reflection for Secure IT Windows Client |
7.2 – 7.2.4275 |
rssccm.dll |
2.0.40 |
| Reflection for Secure IT Server and Client for UNIX |
8.0 SP1 – 8.0 SP1 HF3 (8.0.1.74) |
libssccm.so.2.0.40, libssccm.sl.2.0.40 |
2.0.40 2.0.40 |
| Reflection 2014 |
R1 – R1 SP1 HF7 (15.6.1.797) |
rssccm.dll |
2.0.40 |
| Reflection 2011 |
R1, R2, R3 |
rssccm.dll |
2.0.40 |
| Reflection 2008 |
R2 |
rssccm.dll |
2.0.40 |
| Reflection for HP |
14.0.5 – 14.1.4457 |
rssccm.dll |
2.0.40 |
| Reflection for IBM |
14.0.5 – 14.1.4457 |
rssccm.dll |
2.0.40 |
| Reflection for UNIX and OpenVMS |
14.0.5 – 14.1.4457 |
rssccm.dll |
2.0.40 |
| Reflection X |
14.0.5 – 14.1.4457 |
rssccm.dll |
2.0.40 |
| Verastream Host Integrator (on Windows) – see also KB 7021544 |
7.0 – 7.5 SP1 |
rssccm.dll |
2.0.40 |
| Verastream Host Integrator (on Linux and Solaris) – see also KB 7021544 |
7.0 – 7.5 SP1 |
libssccm.so.2.0.40 |
2.0.40 |
* Applies to EXTRA! 9.2 or higher connections configured to use Security Type "Attachmate SSL v3.0," "Attachmate TLS v1.0," or "Attachmate FIPS 140-2," and to EXTRA! 9.1 connections configured to "Use Attachmate Security" with "SSL/TLS" or "FIPS 140-2" selected as the Level of Encryption.
Cryptographic Library version 1.0.170
Attachmate cryptographic library version 1.0.170 is used in the following products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #766: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#766
| Product |
Product Version |
Cryptographic Library |
Library Version |
| EXTRA! |
9.0 SP1 – SP2 * |
rssccm.dll |
1.0.170 |
| INFOConnect |
8.1 SP1 – 9.0 |
rssccm.dll |
1.0.170 |
| Reflection for Secure IT Windows Client |
7.0 |
rssccm.dll |
1.0.170 |
| Reflection 2007 |
R1 |
rssccm.dll |
1.0.170 |
| Reflection for HP |
14.0 – 14.0.4 |
rssccm.dll |
1.0.170 |
| Reflection for IBM |
14.0 – 14.0.4 |
rssccm.dll |
1.0.170 |
| Reflection for UNIX and OpenVMS |
14.0 – 14.0.4 |
rssccm.dll |
1.0.170 |
| Reflection X |
14.0 – 14.0.4 |
rssccm.dll |
1.0.170 |
| Reflection 2008 |
R1 |
rssccm.dll |
1.0.170 |
Applies to EXTRA! connections that are configured to "Use Attachmate Security" with "SSL/TLS" or "FIPS 140-2" selected as the Level of Encryption.
RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1
RSA BSAFE Crypto-J JSAFE and JCE software module version 6.2.1 is used in the following Micro Focus products when operated in FIPS mode. This version has been validated by the National Institute of Standards and Technology (NIST), certificate #2468: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2468.
To upgrade to RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1, contact Technical Support to obtain a hotfix.
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Reflection for Secure IT Gateway |
1.1 (1.1.0.252) |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
| Reflection ZFE |
2.0.1 |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
| FileXpress Gateway |
1.0 HF4 (1.0.0.369) |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
| Host Access Management and Security Server |
12.2.319 |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
| Reflection for the Web |
12.2.319 |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
| Reflection Security Gateway 2014 |
12.1.337 |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
| Reflection for the Web 2014 |
12.1.337 |
RSA BSAFE Crypto-J JSAFE and JCE Software Module |
6.2.1 |
Attachmate Security Component for Java version 1.32
Attachmate Security Component for Java cryptographic library version 1.32 is used in the following products for TLS connections when operated in FIPS mode.
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Host Access Management and Security Server * |
12.2.124 – 12.2.319 |
Attachmate Security Component for Java |
1.32.004 |
| Reflection ZFE |
2.0.1 |
Attachmate Security Component for Java |
1.32.004 |
| Reflection for the Web * |
12.2.124 – 12.2.319 |
Attachmate Security Component for Java |
1.32.004 |
| Reflection Security Gateway 2014 * |
12.1.337 |
Attachmate Security Component for Java |
1.32 |
| Reflection for the Web 2014 * |
12.1.337 |
Attachmate Security Component for Java |
1.32 |
| Reflection for the Web 2011 |
R1 |
Attachmate Security Component for Java |
1.32 |
| Reflection for the Web 2008 |
R3 |
Attachmate Security Component for Java |
1.32 |
* Apply a hotfix for your product to use RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1, which has been validated by the National Institute of Standards and Technology (NIST). Contact Technical Support to obtain the hotfix.
RSA BSAFE Crypto-J JSAFE and JCE Module version 6.1
RSA BSAFE Crypto-J JSAFE and JCE software module version 6.1 is used in the following Attachmate product when operated in FIPS mode. This version has been validated by the National Institute of Standards and Technology (NIST), certificate #2058: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2013.htm#2058.
| Product |
Product Version |
Cryptographic Library |
Library Version |
| FileXpress Gateway |
1.0 HF3 (1.0.0.368) |
jcmFIPS-6.1.2.jar |
6.1.2 |
| Verastream Process Designer (on Windows, Linux, and Solaris) |
R5 SP1 – R6 |
jcmFIPS.jar |
6.1 |
| Verastream Host Integrator (on Windows, Linux, and Solaris) |
7.6 SP1 – 7.7 7.5 SP1 – 7.6 |
jcmFIPS-6.1.1.2014.0123.jar jcmFIPS.jar |
6.1.1 6.1 |
| Verastream SDK for Unisys and Airlines |
5.0 |
jcmFIPS.jar |
6.1.0.2 |
| Reflection PKI Services Manager |
1.3 SP1 |
jcmFIPS.jar |
6.1.2 |
| Reflection PKI Services Manager |
1.2 SP2 – 1.3 |
jcmFIPS.jar |
6.1 |
| Reflection X Advantage |
5.0 |
jcmFIPS.jar |
6.1 |
* For information about installing the cryptographic module in Luminet, see https://download.attachmate.com/fileinfo.aspx?filename=luminet-1-2-fips-module-installation-guide.pdf (login required).
RSA BSAFE Crypto-J JCE Provider Module version 5.1
RSA BSAFE Crypto-J JCE Provider software module version 5.0 is used in the following Attachmate products when operated in FIPS mode.
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Host Access Management and Security Server * |
12.2.124 – 12.2.313 |
RSA BSAFE Crypto-J JCE Provider |
5.0 |
| Reflection for the Web * |
12.2.124 – 12.2.313 |
RSA BSAFE Crypto-J JCE Provider |
5.0 |
| Reflection Security Gateway 2014 * |
(12.1) R1, R2 12.1.122 – 12.1.333 |
RSA BSAFE Crypto-J JCE Provider |
5.0 |
| Reflection for the Web 2014 * |
(12.1) R1, R2 12.1.122 – 12.1.333 |
RSA BSAFE Crypto-J JCE Provider |
5.0 |
* Apply a hotfix for your product to use RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1, which has been validated by the National Institute of Standards and Technology (NIST). Contact Technical Support to obtain the hotfix.
RSA BSAFE Crypto-J JCE Provider Module version 4.1
RSA BSAFE Crypto-J JCE Provider software module version 4.1 is used in the following Attachmate products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #1291: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1291
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Verastream Process Designer (on Windows, Linux, and Solaris) |
R4 SP1 – R5 |
cryptojFIPS.jar |
4.1 |
| Verastream Host Integrator (on Windows, Linux, and Solaris) |
7.1 SP1 – 7.5 |
cryptojFIPS.jar |
4.1 |
* For information about installing the cryptographic module in Luminet, see https://download.attachmate.com/fileinfo.aspx?filename=luminet-1-1-fips-module-installation-guide.pdf (login required).
RSA BSAFE Crypto-J JCE Provider Module version 4.0
RSA BSAFE Crypto-J JCE Provider software module version 4.0 is used in the following Attachmate products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #1048: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1048
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Reflection X Advantage |
2.0 – 4.2 |
jsafeJCEFIPS.jar |
4.0 |
| Reflection PKI Services Manager |
1.0 – 1.2 SP1 |
jsafeJCEFIPS.jar |
4.0 |
RSA BSAFE Crypto-J JCE Provider Module version 3.6
RSA BSAFE Crypto-J JCE Provider software module version 3.6 is used in the following Attachmate product for SSH and SFTP connections when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #820: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#820
| Product |
Product Version |
Cryptographic Library |
Library Version |
| Reflection for the Web 2011 |
R1 |
RSA BSAFE Crypto-J JCE Provider |
3.6 |
| Reflection for the Web 2008 |
R3 |
RSA BSAFE Crypto-J JCE Provider |
3.6 |
Additional Information
To review security update information for Attachmate products, see https://support.microfocus.com/security.
Notice: This technical note is updated from time to time and is provided for informational purposes only. Attachmate makes no representation or warranty that the functions contained in our software products will meet your requirements or that the operation of our software products will be interruption or error free. Attachmate EXPRESSLY DISCLAIMS ALL WARRANTIES REGARDING OUR SOFTWARE INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.