This technical note outlines the new features available in the Reflection for Secure IT Windows Client 7.1 release, as well as product release notes.Note: Reflection for Secure IT version 7.2 is available beginning June 2010. For a list of new features in 7.2, see KB 7021989.
Reflection for Secure IT Windows Client 7.1 New Features
- Support for arcfour128, arcfour256, aes128-ctr, aes192-ctr, and aes256-ctr ciphers provides greater security. By default, the client now proposes the following ciphers in this order: "aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,3des-cbc,blowfish-cbc,cast128,cbc,arcfour128,arcfour256,arcfour".
- Support for hmac-sha256 and hmac-sha512 Message Authentication Code (MAC) algorithms. The client now proposes the following MACS by default (in this order): "hmac-sha1,hmac-sha256,hmac-sha512,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96".
- HTTP proxy server support enables you to configure Secure Shell connections through an HTTP proxy server. From the Reflection Secure Shell Settings dialog box, configure use of an HTTP server using the new Proxy tab.
Note: SOCKS proxy support is now configured using the new Proxy tab. (In previous versions it was configured on the General tab.)
- Support for environment variables in configuration file settings enables you to now include Windows environment variables when you specify values for the following configuration file keywords: UserConfigDirectory, IdentityFile, PasswordFile, UserKnownHostsFile, GlobalKnownHostsFile, User, and AuthCookie. Use "%" before and after the environment variable name, as in the following example:
- IPv6 support in command line utilities supports specifying IPv6 host names when using the Secure Shell command line utilities. Note: IPv6-formatted IP addresses must be enclosed in square brackets, as in the following example:
- Microsoft Windows Server 2008 support. See KB 7022010 for more information about supported platforms in Reflection for Secure IT.
- New option to add a new host key when a change to an existing host key is detected. If StrictHostKeyChecking is set to âyesâ, you are now given the option of adding a new key to the known hosts file (using the same host name but a different IP address, port, or key), in addition to the option of overwriting the existing key.
- New CheckHostPort keyword supports configuring the client to check the host port in the known hosts file in addition to checking the host public key. When this keyword is set to "yes", the connection is allowed only if the host port in the known hosts list matches the port you are using for the connection. The default is "no". Note: This setting has no effect if StrictHostKeyChecking = no.
Reflection FTP Client New Features
- New settings for configuring download and upload options before each transfer are available on the site properties Transfer tab: "Show download options before transfer" and "Show upload options before transfer". Enable these settings to be queried for the transfer method (for example, ASCII or binary) and file properties (UNIX attributes or Windows read-only or hidden properties, depending on the server) before each transfer. Note: The FTP server must support the SITE UMASK command for the attributes settings to succeed on uploads.
- HTTP proxy server support makes configuring FTP connections through an HTTP proxy server possible. From the Connect to FTP Site dialog box, click Security, then configure use of an HTTP or SOCKS server using the Proxy tab. (To configure Secure Shell SFTP connections through an HTTP or SOCKS proxy, use the Proxy tab in the Reflection Secure Shell Settings dialog box.)
- Configure default permissions for uploaded files. You can now specify an initial umask value to send to the server upon connection. The FTP server must support the SITE UMASK command for this setting to succeed. This value modifies the default permissions attributes set on subsequently created files. From the Connect to FTP Site dialog box, go to Properties > Connection > Initial umask. Note: This setting is not available for SFTP connections.
- IPv6 support enables you to specify host names using IPv6 addresses.
The following known issue has been found in the Reflection for Secure IT Windows Client 7.1.
SHA512 Algorithm Not Implemented
The new SHA512 hash requires the diffie-hellman-group14-sha1 key exchange algorithm. This algorithm is not implemented in 7.1, however it is available in 7.1 SP2. See KB 7021988 for details.
Obtaining Your Product Upgrade
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
You will be prompted to login and accept the Software License Agreement before you can select and download a file. For more information on using the Download Library web site, see KB 7021965.
For information about purchasing Reflection for Secure IT, please e-mail us: SalesRecept@attachmate.com.
For information about platform support in Reflection for Secure IT, see KB 7022010.
Installing or Upgrading to Reflection for Secure IT Windows Client 7.1 References
For information about installing Reflection for Secure IT Windows Client 7.1, see the Installation topic in the User Guide, which is available in the product or from the documentation page, https://support.microfocus.com/manuals/rsit_win_client.html.
For information about upgrading to version 7.1, see KB 7022105.