Technical Notes

A new security option has been added for TN3270 and TN5250 connections. The Attachmate Security module uses cryptography validated to the Federal Information Processing Standard (FIPS) 140-2 and industry standard SSL and TLS protocols for ensuring data integrity and privacy.

To enable the Use Attachmate Security option

For more information about configuring secure connections in EXTRA!, see Technical Note 2245.

Internet Protocol version 6 (IPv6) support is now available through the Attachmate Security module.

To enable IPv6 support:

Several improvements have been made to the way EXTRA! manages digital certificates for client authentication.

Smart Cards

TN3270 sessions can be configured to copy text to clipboard as soon as it is selected on the screen. To enable this feature: Choose the Options | Settings - Edit dialog box, and then choose Deselect after Copy or Preserve after Copy.

The default is disabled.

ExtraGotFocus and ExtraLostFocus events have been added to the COM interface for EXTRA!. These COM events are fired if the EXTRA! Session Display loses focus or gains focus.

The EXTRA! COM interfaces have been modified for backward compatibility with version 8.0. Existing ActiveX client applications do not need to be rebuilt if they were developed using EXTRA! 8 or 8 SP1. Client applications compiled with other versions of EXTRA! must be recompiled using the new EXTRA! type library available with EXTRA! 9 SP1.

A setting called ShowSplashScreen has been added to the registry at HKCU\Software\Attachmate\Extra!\WorkStationUser\Preferences.

For the default installation of EXTRA! X-treme 9, the User Data Location (sessions, macros, and schemes directories) should be installed in the My Documents or All Users directories. They should not be installed in the Application Directory (\Program Files).

Under Vista, if you specify Application Directory for the User Data Location, the UAC shield icon appears on top of the EXTRA! shortcut icon (the big orange E), indicating that you need elevated or special permissions to run EXTRA! from this location.

The EXTRA! 6530 Client Option now provides SSL encryption and Telnet load balancing for TN6530 client connections across separate identically configured hosts.

Note: These enhancements are available in EXTRA! 6530 Client Option 9.0 SP1, which is available as a separate download from the Attachmate Download Library web site (extra6530-9.0.1-sp-w32.exe). EXTRA! 6530 Client Option 9.0 SP1 should be installed only after installing EXTRA! X-treme 9.0, EXTRA! 6530 Client Option 9.0, and EXTRA! X-treme 9.0 SP1 (in this order).

A new setting, Use IPV6, has been added to the Connection tab in the Site Properties dialog box. Options are Always, Never, When Available. The default is When Available. Previously IPV6 support was configurable using the command window, and this technique is also still available.

A new setting, Connect through NAT server, has been added to support SSL/TLS connections through a NAT proxy server. To configure this setting click the Security button, then click the SSL/TLS tab.

Three new settings are available for configuring Reflection to forward FTP data through the SSH tunnel. Use these settings when the FTP server is on a different host from the Secure Shell server. To configure these settings, go to the Connect to FTP Site dialog box, click Security, then click the Secure Shell tab. The new settings are:

Configuring these settings is equivalent to using the following ssh command line:

The FTP Open method now supports sending passwords for Secure Shell sessions. The following sample configures a Secure Shell connection, connects to the specified host, and sends the specified user name and password.

You can now specify which SSL/TLS version to use. The choices are TLS Version 1.0 (this is the newer protocol and is the default) and SSL version 3.0. To change this setting, select a site in the Connect to FTP dialog box, then go to > Security > SSL/TLS > SSL/TLS version.

The FTP Client now correctly remembers the state of the Encrypt data stream setting for SSL/TLS sessions.

This patch fixes a problem that caused intermittent connection problems because the client was not correctly sending the AUTH TLS message.

In the Directories tab of the FTP Client Site Properties dialog box, modifying the Cache directory listing setting now correctly enables the Apply button on this tab.

This patch fixes a problem that led to a missing openssh.dll error message when launching the FTP Client from a Visual Basic project.

This patch reduces the time it takes to display directory listings in the local pane.

This patch reduces the time it takes to display directory listings in the server pane.

The Preserve server file date option (available on the Transfer tab of the site properties dialog box) now works as expected for SFTP transfers.

This service pack resolves a problem that caused some FTP servers to reject the connection when Reflection FTP was configured to use Kerberos.

Reflection FTP Client server file display has been optimized to decrease the amount of time it takes to display and refresh the server display pane.

You can now disconnect from the server (the preferred way to terminate network connections) or close the client when connected to a site that is configured to use SSL/TLS. When you close a connected session, the client now disconnects the SSL/TLS-secured FTP connection before shutting down.

When NoShell is set to "Yes", the client creates a tunnel without opening a terminal session. This option can be used in combination with ConnectionReuse to create a tunnel that can be reused by other ssh connections. You can configure this option in the Secure Shell configuration file, or using the -o command-line option.

You can now specify which hash algorithm the client uses in the process of proving possession of the private key during public key user authentication. To configure this, open the Reflection Secure Shell Settings dialog box. On the Encryption tab, under Signature types, select the hash you want to use for RSA and DSA keys.

This patch includes changes that support faster SFTP and SCP file transfers.

This patch reduces the time it takes to display directory listing in SFTP sessions.

Prior to this patch, server certificate validation failed if the certificate contained unknown extended key usage OIDs. These extensions are now checked during intermediate certificate validation only if they are marked as "Critical" or if you are running Reflection in DOD mode.

Error messages for the ssh command-line utility are now sent to stderr.

The sftp and sftp2 command line usage help now displays the following additional syntax for uploading files to the server: sftp [options] sourcefile [user@]host[#port]:[destination file]. This information is displayed when you use the -h command-line option.

Reflection no longer displays a blank "Reflection Secure Shell Client" dialog box when you are configured to use keyboard-interactive authentication. This dialog box was introduced by changes made to the SP2 patch.

This patch fixes a problem that caused a halt in data display when large chunks of data are being received. Prior to the fix it was sometimes necessary to use the Enter key to view the entire display.

This patch fixes a problem that caused Reflection to show multiple entries for the same user key when both a user-specific config file and a global ssh_config file were present on the same computer.

This service pack fixes a problem that would sometimes cause very large (gigabyte) data transfers to hang when Reflection was configured to use the Secure Shell protocol. This problem was seen with transfers using the Reflection user interface and also using Reflection command line utilities.

This error message was displayed incorrectly when the Reflection scp command line utility was used with the -r switch. This problem has been resolved.

Sftp file transfers that use wildcard GET commands now work as expected.

In Reflection applications running with Service Pack 1 applied, the sftp and scp clients could not simultaneously access the same local file for uploading. This problem has been resolved.

This service pack corrects a problem in the Secure Shell protocol that could cause this error message to be displayed for slow or bad network connections.