Technical Notes

You can now easily copy text from one region of a host screen to the same region on another screen. To use this feature go to Setup > View Settings. Set Retain selection to Yes. Also, set Clear selection on screen when copied to No to ensure that the selection is not cleared after the copy/append action.

Reflection was incorrectly sending a PA2 when the Show Host Files button was used to upload a file with no host file name defined. This problem has been resolved.

In some previous versions, enabling the Exit when last client closed setting did not result in Reflection X shutting down after the last X client application was closed. This problem has been fixed.

You can now disconnect from the server (the preferred way to terminate network connections) or close the client when connected to a site that is configured to use SSL/TLS. When you close a connected session, the client now disconnects the SSL/TLS-secured FTP connection before shutting down.

On some 3270 host screens with protected numeric fields, the cursor would skip valid available input fields when the user entered data that spans multiple fields. This problem has been corrected.

Macros that use the OpenSettings method to open partial settings files now work correctly. For example, the command Session.OpenSettings rcKeymap, "C:\temp\sample.map" now correctly opens the sample.map keymap file.

Settings exported to XML now contain the correct data for customized toolbars. Previously Reflection was not correctly storing data for bitmap images assigned to customized toolbar buttons.

Reflection X no longer leaves unpainted areas when a complex graphics expose event is delivered to a PseudoColor emulation window.

This service pack addresses a problem with font scaling.

In previous versions, Reflection X ignored the default character for some 16-bit fonts when they were loaded from a font server. This problem has been fixed.

Portions of Microsoft Windows applications no longer appear in an xterm window when Reflection X is performing a CopyArea request.

A fix in this service pack addresses a problem in which KDE 3.3 desktop clients kept running after the Microsoft Windows screensaver was dismissed.

Three-button mouse emulation now functions correctly.

If text is selected in an xterm window, performing a Copy Rectangle to Windows Clipboard now overwrites the contents of Windows Clipboard with the rectangle you copied. Previously, the rectangle would be immediately overwritten by the string that was selected in the xterm window.

Reflection X now correctly handles colors with NULL terminators.

Two new settings have been added to the Transfer tab of the Site Properties dialog box:

The FTP Client now launches successfully if your Desktop or My Documents folder is not in your roaming profile.

The Reflection session now remains connected if you attempt to change to an empty directory. Previously either of the following commands disconnected the session:

On the FTP command line: cd (with no directory specified)

Using the Reflection FTP Client API: .SetCurrentDirectory " "

Fixed security vulnerability, US-Cert VU#845620, http://www.kb.cert.org/vuls/id/845620 -- Multiple RSA implementations fail to properly handle signatures. For more details see General Security Alerts and Advisories section of this Technical Note 1708.

The sftp and sftp2 command line utilities now accept syntax to copy host files to the local root directory or to the root directory of another local drive. Commands such as the following are now supported:

This patch provides improved SFTP support for traversing directories on OpenVMS systems.

Reflection now reads private keys created with F-Secure that have a passphrase with more than 23 characters.

Fixed security vulnerability, US-Cert VU#845620, http://www.kb.cert.org/vuls/id/845620 -- Multiple RSA implementations fail to properly handle signatures. For more details see General Security Alerts and Advisories section of this Technical Note 1708.

Version 13.0.4 includes new Public Key Infrastructure (PKI) support for making SSL/TLS connections. See the SSL/TLS 13.0.4 section below for details.

A new setting is available for specifying whether or not Reflection checks Certificate Revocation Lists (CRLs) before making an SSL/TLS connection. To modify this setting, go to Connection > Setup > Security. On the SSL/TLS tab, select Use SSL/TLS Security, then click Configure PKI.

This setting applies to SSL/TLS connections. It has been moved to the PKI Configuration dialog box from the SSL/TLS tab of the Security properties dialog box. To modify this setting, go to Connection > Setup > Security. On the SSL/TLS tab, select Use SSL/TLS Security, then click Configure PKI.

The Paste Range command now works as expected. Previously pasted text did not always match the text copied to the clipboard.

The Paste Next command now works correctly when you paste a large number of double-byte characters (80 or more) to an AS400 field. Previously Reflection shut down unexpectedly or displayed an error message saying the memory could not be read or written.

The Paste and Paste Next commands now behave as expected based on the current values for Word Wrap for 3270 and Word Wrap for 3270 Minimum Field Length.

When you use IND$File to transfer files to a partitioned data set, Reflection now creates a new member using the local file name when no host member is specified. Prior to this patch, Reflection transferred the local file to an existing member.

File transfers are now handled correctly when Reflection is configured for structured transfers (the default) and the host starts a transfer in buffered mode.

Version 13.0.4 includes many new security features. See the Secure Shell 13.0.4 and SSL/TLS 13.0.4 sections below for details.

The host program VAXLINK2 has been ported to the Itanium Integrity Server using the Alpha Environment Software Translator (AEST) utility. The AEST utility translates the alpha executable image into an I64 compatible object.

See the Secure Shell 13.0.4 section below for a list of resolved issues that affect Secure Shell connections in all Reflection applications.

Prior to this patch, Reflection Secure Shell sessions would sometimes hang when receiving a long, continuous stream of data from the host. This problem no longer occurs.

A new setting, called FTP Use Sftp Structure Listing, is available for configuring how Reflection handles integrated SFTP file transfer. (Reflection uses integrated SFTP file transfer when you have configured a Secure Shell connection to your host and FTP is the selected file transfer protocol.) Use Setup > View Settings to configure this setting. When this setting is set to No (the default), Reflection uses the standard UNIX data listing style. When it is Yes, Reflection uses the structured data listing style, which is required for successful transfers to and from OpenVMS hosts running an SSH-2.0-2.4.1 server and any host running VanDyke VShell.

Version 13.0.4 includes many new security features. See the Secure Shell and SSL/TLS sections of this readme for details.

Reflection X has a new setting for suppressing response to XBell protocol requests. To configure the setting go to Settings > View Settings and search for Ignore XBell protocol response. When this setting is enabled Reflection does not make any sound when it receives an XBell request.

Reflection will now advertise the slant and weight of Windows TTF fonts as wildcards. This allows aliases to be created for an X Logical Font Description (XLFD) with any slant and weight. For example, the following aliases allow Reflection to advertise extra bold and extra bold italic ANSI fonts:

See the Secure Shell 13.0.4 section below for a list of resolved issues that affect Secure Shell connections in all Reflection applications.

This patch adds support to confine the cursor to a window with a non-rectangular shape.

The following changes have been implemented to fix this problem:

When the first thing drawn into an 8-bit pixmap is bitmap text, Reflection X no longer shuts down unexpectedly.

This patch adds support for missing OpenGL 1.2 enumerations.

The Reflection X Root Window now correctly displays across multiple monitor screens when Place it on monitor(s) is set to All.

The Clipboard setting, Confirm file name before saving, was not working properly. A confirmation dialog did not appear as it should have when saving the clipped data to a file. This is now fixed.

This patch fixes window display sizing problems seen when Reflection is configured to use the X terminal desktop window mode.

XDMCP indirect connection files now work correctly when the Always maintain one XDMCP session setting is turned off. Previously, the indirect host chooser list would appear, but choosing a host would not result in a connection to that host, and the login screen would not appear. (This problem did not affect XDMCP indirect connection files with Always maintain one XDMCP session turned on.)

Reflection X now behaves as expected when you use the system tray icon to toggle between the X backdrop and the Windows desktop. Previously this behavior was inconsistent.

Version 13.0.4 includes many new security features. See the Secure Shell 13.0.4 and SSL/TLS 13.0.4 sections below for details.

See the Secure Shell 13.0.4 section below for a list of resolved issues that affect Secure Shell connections in all Reflection applications.

The server pane display for OpenVMS hosts now works correctly when Use structured data listing is enabled. To configure this setting, select the site in Connect to FTP site dialog box, and click Security. In the Secure Shell tab select Use structured listing data. Prior to this fix, the server pane display remained empty and GET commands entered on the FTP command line failed with a file not found error.

The Upload key on the Secure Shell Settings User Keys tab now successfully handles uploads to OpenVMS hosts.

Reflection now properly executes and displays host commands appended to the ssh or ssh2 command line.

Certificates in the new Reflection store can be used for host and user authentication during Reflection SSL/TLS sessions. Use the new Reflection Certificate Manager to manage these certificates. (Reflection continues to support authentication using certificates in the Windows certificate store.)

You can configure Reflection to use an LDAP server for retrieving both CRLs (Certificate Revocation Lists) and intermediate certificates. See the LDAP tab in the Reflection Certificate Manager.

Reflection now supports authentication using smart cards that conform to PKCS#11 specifications. See the PKCS #11 tab in the Reflection Certificate Manager.

Reflection now authenticates correctly with imported keys that were generated using F-Secure and include a comment field that spans multiple lines. This problem can occur when keys are generated on machines in which the username@hostname string is longer than 14 characters. (The ability to import keys from F-Secure was added in Reflection version 13.0.1, and requires that the F-Secure Fsclm.dll library from the F-Secure Windows client is on your system.)

This patch fixes a problem that was introduced in version 13.0.1 and caused unexpected scrollbar behavior when the cursor was located at the bottom of Reflection for HP's display memory. The scroll bar now operates as expected.

This patch fixes cursor flashing that was seen with some host applications. (This behavior was introduced by changes made in version 10.0 to support customer sites that require rapid cursor response. Users who need rapid cursor response -- to facilitate faster data entry, for example -- can use smaller values for the Cursor Delay setting, or set it to zero(0). When this setting is zero (0), Reflection always redraws the cursor every time it is moved by the host application.)

Administrators can now use the Reflection X Profiler to edit a Reflection X profile (Rx.ini) that resides on an end-user's system. The profile needs to have been installed with Reflection X, and the person remotely editing the profile must be the administrator of a Windows 2000 or XP domain with the proper remote administration access rights on the end user's system. For more information, see Technical Note 1843.

Reflection now authenticates correctly with imported keys that were generated using F-Secure and include a comment field that spans multiple lines. This problem can occur when keys are generated on machines in which the username@hostname string is longer than 14 characters. (The ability to import keys from F-Secure was added in Reflection version 13.0.1, and requires that the F-Secure Fsclm.dll library from the F-Secure Windows client is on your system.)

GDI resource usage is now minimized when one or more clients are creating a large number of similarly-shaped glyph cursors.

Reflection X now correctly sends a graphics expose event and paints the background of a window on a CopyArea even if the area specified by src rectangle is outside the area specified by src drawable.

Reflection X now correctly interprets the percent value in XBell requests. A value of 0 will silence the bell sound.

All segments in a polysegment request drawn with a non-default planemask and/or a non-default alu will now be correctly rendered to a PseudoColor Emulation window.

A notification dialog box is now displayed when a connection error occurs and both the Show Host Response and Connection Status commands (View menu) are disabled.

Displaying an input-only window would sometimes inadvertently cause the wrong cursor to be displayed. This problem has been fixed.

There were problems with the Backspace key not auto-repeating. This problem has been fixed.

The %IP% macro in client file scripts was not always expanded correctly when it was used with the Secure Shell connection method. It was expanded to the string "tmp.IPa.ddr.ess" instead of the PC's IP address. This problem has been fixed.

When User-based security is enabled and Secure Shell is the connection method, Reflection X generates a cookie that is added to the .Xauthority file on the host.

This same cookie is now available via the %C% macro, within the client file script command.

In Reflection X 13.0.1, profiled settings would only take effect if they were locked. This problem has been fixed.

Reflection now authenticates correctly with imported keys that were generated using F-Secure and include a comment field that spans multiple lines. This problem can occur when keys are generated on machines in which the username@hostname string is longer than 14 characters. (The ability to import keys from F-Secure was added in Reflection version 13.0.1, and requires that the F-Secure Fsclm.dll library from the F-Secure Windows client is on your system.)

Folder icons now display correctly. This problem was seen when the Reflection FTP Client was installed on a Citrix server running Windows 2003 and the server C drive had been remapped using the Citrix DriveRemap utility.

Reflection FTP now connects successfully when configured to use SSL/TLS. This problem was seen in Reflection FTP 13.0.1 when trying to connect to some FTP servers, including IBM hosts running z/OS V1R5 and OS/400 V5R2 and V5R3.

This patch fixes a problem that caused the FTP Client to disappear when attempting a directory listing involving a large number of files. This problem was reported for connections to MVS and OpenVMS hosts.

Reflection now authenticates correctly with imported keys that were generated using F-Secure and include a comment field that spans multiple lines. This problem can occur when keys are generated on machines in which the username@hostname string is longer than 14 characters. (The ability to import keys from F-Secure was added in Reflection version 13.0.1 and Reflection for Secure IT 6.0.1, and requires that the F-Secure Fsclm.dll library from the F-Secure Windows client is on your system.)

You can now configure Reflection for IBM 5250 terminal sessions to sign on to IBM hosts using your Windows credentials. This works in conjunction with IBM's Enterprise Identity Mapping (EIM), which must be configured on your host computers. To configure Reflection for single signon, open the Session Setup dialog box and set the Session Type to IBM 5250 Terminal and set Transport to Telnet. Next, click Advanced and select Auto Signon and Use Windows credentials. Programmatic support for this feature is provided by the new UseWindowsCredentials property.

Reflection 3270 sessions now support the IBM Express Logon Feature (ELF). This feature allows you to configure 3270 Telnet sessions to connect without requiring you to enter a user ID and password. When this feature is enabled, the Telnet 3270 server uses certificate information from an SSL connection and the application ID supplied by Reflection to request a user ID and a passticket (a temporary password) from the IBM host access control program RACF. See Technical Note 1865 for information about how to configure this support.

When you enter Thai characters in a host application, Reflection determines by default whether the input is legal according to the rules of Thai character composition. The Allow Invalid Thai Input setting turns off this validity checking. This setting supports host applications that compose valid Thai characters from base characters and accent marks entered as separate characters in the terminal session. To enable this setting, go to Setup > View Settings, then search for "thai".

Reflection for IBM is now metered correctly by the Reflection metering server when you are using a Microsoft Internet Information Server port.

This patch fixes a problem that sometimes caused 5250 printer sessions to terminate unexpectedly when configured to print to a file. This problem occurred when the printed output contained a Carriage Return (CR) immediately followed by a Presentation Position function of type Absolute Horizontal.

This patch fixes a problem that occurred after an AS/400 file transfer configured to send output to display (Setup > File Transfer > Options > Output to > Display). Prior to this fix, a subsequent download to a file showed a negative record count.

This patch fixes a problem that prevented successful connections in Reflection sessions configured to use SSL/TLS authentication. The problem was reported when *.pfx and *.p12 certificates were imported without the "Enable strong private key protection" option selected.

This patch fixes a problem that caused some Reflection 3270 terminal sessions to incorrectly display PROG752 error messages indicating the presence of invalid screen input.

On some fast computers, commands associated with the 'At a specific time of day' event were triggered multiple times. This patch corrects that problem.

This patch supports editing of Reflection macros when Reflection for IBM is running as an ActiveX Control.

See the "Secure Shell" section below for more information.

A new setting called Cursor Delay allows you to adjust how quickly the cursor reappears when there is a pause in the stream of data from a host. You can use this setting when instructions from a host application create distracting cursor movements, such as positioning the cursor at the beginning of the field before repositioning it. To change the value of this setting, use the View Settings dialog box (Setup > View Settings). The default value is 25 milliseconds. The range of values is 0 to 1000 milliseconds.

For additional information about this new GSSAPI tab, see Technical Note 1938.

This patch fixes scrolling problems that were reported when the Terminal Type is set to IBM 3151. This fix affects Reflection for UNIX and OpenVMS and Reflection for ReGIS Graphics.

The Reflection Transmit method now successfully handles hexadecimal data sent using the rcHexData option.

Reflection was incorrectly homing the cursor when the number of display rows was changed in VT emulation. This problem has been corrected.

The cursor now blinks as expected when Color Cursor is selected (Setup > Display > Colors tab > Color cursor).

Reflection now correctly displays UTF-8 characters that are received after cursor positioning.

One line draw character was incorrectly rendered as a Beta (ß) character when using host character set PC437. This patch fixes that problem.

The Advertise single depth visuals check box allows you to limit color depths to the depth defined in the Color Settings panel (Settings menu > Color).

See the "Secure Shell" section below for more information.

Starting with version 13.0.1, local X client connections are maintained (the server is not reset) if your PC enters hibernation mode and your X client sessions are suspended. As with previous versions of Reflection X, you have the option to deny session suspension (Settings menu > Server > Confirm close when clients are connected check box).

You can now make Reflection X connections using Telnet when Reflection for UNIX and OpenVMS is not installed on the same computer. Prior to this patch, these connections failed with an error message that said, "Telnet is unavailable. Please verify that Rntelnx.dll is installed and is in your path (RX5167)."

Local Connection (.rxc) files can now use the %#% macro in the Executable parameters field to pass the correct X Server display number to a local X client.

The Reflection splash screen no longer displays when the -nc (Minimal UI) startup switch is used to start Reflection X.

The MIT-MAGIC-COOKIE mechanism is now working correctly when User-based security is enabled. The client file %C% macro is also now functioning properly.

The "Hide taskbar icon on minimize" setting is now honored on startup if Reflection X Manager is minimized during the startup process, such as, when a client file is launched from a shortcut.

The Telnet connection method configured to use SOCKS no longer causes an Application Error.

X Instance Settings files (.rxs) are now imported correctly when used in a shortcut, with the -s command line switch or imported manually using the File menu > Import X Instance Settings.

The X Terminal Desktop title bar now correctly shows the display and screen numbers when more than one X server instance is running and one of the instances has more than one screen configured.

A problem launching X clients on some Linux hosts has been corrected. The host prompt on these hosts may be followed by a VT escape sequence "CSI K". This was interrupting the X Manager's processing of the client file, thus preventing the X client launch command from being sent to the host.

The 8-bit XYPixmap format "GetImages" now returns correct data for an image of any size.

The Reflection X server no longer needs to be restarted after the Windows desktop is locked or unlocked.

Problems with keyboard focus behavior have been addressed.

In previous versions of Reflection, if Reflection X used a display number other than 0 (zero), connection attempts to VMS hosts sometimes failed. This problem has been fixed.

When Microsoft Windows Window Manager was selected, client window content sometimes didn't fit within the client window's border. This problem has been fixed.

Problems with transparent Xterm windows have been fixed.

When the Use secure file transfer check box is selected in the Font Retrieval dialog box, there is no need to provide a password.

When changing between X and Microsoft Desktop mode with multiple monitors, the X root window size is now correctly calculated and the root window is placed on the selected monitor.

Users can now go any number of folder levels down from the folder specified in the Font Retrieval dialog box. In previous versions, users were limited to only one level.

In previous versions of Reflection, if a user tried to send a selection made via the Copy Selection method to a disconnected printer, Reflection X would shut down. Now, in the above situation, users will see a Windows login dialog box for the printer's server.

Starting with this patch, when Reflection Windows Manager and X terminal desktop are enabled, selecting X Client Manager from the shortcut menu results in the X Client Manager becoming the active foreground window.

RenderLarge requests for glDrawArrays is now fixed in Reflection X Replay.

Extensions are now properly displayed in the processed trace text file even when trace filters are active.

This patch resolves scaling problems that were seen with Windows .TTF fonts.

This patch resolves problems with the Japanese inline input support in the TOPQ3 client application.

The Reflection FTP Client can now be configured to transfer files securely (using the TLS protocol) through the Reflection security proxy server. This proxy server is available with Reflection Administrator (available seperately). To configure this from the FTP Client, open the Site Properties dialog box, click Security, then go to the SSL/TLS tab. Use this tab to enable a connection through the Reflection security proxy and to specify the Security proxy server and port to connect to. You can also configure this support using either Reflection Administrator or the Reflection for the Web Administrative Workstation.

See the "Secure Shell" section below for more information.

The Reflection FTP client supports a new firewall style named "FirewallUser@FtpServer." To configure this style, open the Site Properties dialog box, click Security, then select this style in in the drop-down list on the Firewall tab. This new style uses the following authentication command sequence:

The FTP Client no longer saves the firewall password if the firewall's 'Save Password' setting is not set. This caused error messages saying, "421-Access denied - wrong user name or password" when Reflection was configured to connect through a firewall using one-time-password tokens for firewall authentication.

You can now successfully view directories that include files with a Last Access Time of 0. Prior to this patch, attempts to view these files failed with an error message that read, "The parameter is incorrect." After this error message was displayed it was not possible to navigate to other local folders without first exiting and restarting the Client.

The FTP Client now connects successfully to FTP servers, such as Rhinosoft, that send a banner after the SSL/TLS handshake has been completed.

You now need to enter your password prompt only once when you have configured the FTP Client to connect through a SOCKS 5 proxy server.

The sftp command line utility now supports use of both the -b and -H command line parameters. Prior to this patch, if you used both switches on the same command line, the second switch was ignored.

You can now perform sftp file transfer using the Reflection command line utility when a host certificate (PKI) is used for host authentication. Prior to this patch, sftp command line transfers failed if the host's public key was not in your known_hosts file.

The Secure Shell Settings dialog box has new settings that make it easier to configure Reflection to authenticate to Reflection for Secure IT SSH servers using your Windows domain credentials. To do this:

The new GSSAPI tab in the Secure Shell settings dialog box includes a new setting called Use default service principal name. If you have enabled SSPI, you can use this setting to specify a service principal in a realm that is different from the Windows domain. Use a fully qualified host name followed by @ then the realm. For example, Host.acme.com@REALM. (This change is saved to the ssh config file using the new keyword GssServicePricipal.)

For additional information about the new GSSAPI tab, see Technical Note 1938.

This patch fixes delays that were seen when opening the Secure Shell Settings dialog box, opening the User Key or Host Key tabs in this dialog box, making Secure shell connections, and disconnecting Secure Shell connections.

The sftp command line utility now supports use of both the -b and -H command line parameters. Prior to this patch, if you used both switches on the same command line, the second switch was ignored.

You can now identify the host key type (SSH1 or SSH2) when you view the Trusted Host Keys list on the Host Keys tab of the Secure Shell Settings dialog box. SSH1 keys are now identified as RSA1 under Type. SSH2 keys are identified as either RSA or DSA.

This patch fixes a problem reported when connecting using Secure Shell to hosts running the SSH Corporation server in HP's TCP/IP package for OpenVMS. Prior to the patch Reflection displayed a prompt asking for a new passphrase (rather than password) when you tried to connect using an expired password. If you treated this prompt as if it said password, you could successfully update your password and connect. If you canceled the prompt, Reflection closed unexpectedly.

Reflection now uploads keys to the host successfully after an initial attempt fails because of incorrect host or user name information. Prior to this patch, you had to close the Secure Shell settings dialog box and then reopen it to upload a key successfully after a failed first attempt.

This patch fixes a problem that caused the confirmation prompt to be hidden beneath other windows when the Reflection key agent is configured to confirm remote key operations.

Reflection's key upload functionality now supports password authentication whenever you upload keys to the host. Prior to this patch, it was not possible to upload the key to a host if password authentication had been disabled. Reflection now prompts for a password to make the key upload connection to a host regardless of the current User Authentication setting for that host.

You can now perform sftp file transfer using the Reflection command line utility when a host certificate (PKI) is used for host authentication. Prior to this patch, sftp command line transfers failed if the host's public key was not in your known_hosts file.

Microsoft changes to some Windows operating systems disabled the Reflection Use Windows logon credentials setting. This patch configures the Windows registry to allow Reflection Kerberos sessions to use session key in the the Windows Kerberos TGT ticket.

This patch fixes a problem that caused Reflection to present a password window when a Reflection TGT has expired, but a valid Windows TGT is still present.

This patch fixes a problem that prevented successful connections in Reflection sessions configured to use SSL/TLS authentication. The problem was reported when *.pfx and *.p12 certificates were imported without the "Enable strong private key protection" option selected.