Attachmate Products with FIPS 140-2 Validated Crypto Modules

  • 7021285
  • 19-Nov-2010
  • 02-Mar-2018

Environment

Reflection Desktop
Reflection Desktop Pro
Reflection Desktop for X
Reflection Desktop for IBM
Reflection Desktop for UNIX and OpenVMS
Reflection 2014
Reflection Pro 2014
Reflection X 2014
Reflection for IBM 2014
Reflection for UNIX and OpenVMS 2014
Reflection Standard Suite 2011
Reflection for IBM 2011
Reflection for UNIX and OpenVMS 2011
Host Access Management and Security Server version 12.2
Reflection ZFE version 2.0.1
Reflection for the Web version 12.2 (All Editions)
Reflection for the Web 2014 (All Editions)
Reflection for the Web 2011 (All Editions)
Reflection for the Web 2008 (All Editions)
Reflection Security Gateway 2014
Extra! X-treme version 9.0 SP2 or higher
InfoConnect version 8.1 or higher
InfoConnect Desktop version 16.0 or higher
Reflection for UNIX and OpenVMS version 14.0 or higher
Reflection for HP with NS/VT version 14.0 or higher
Reflection X 2011
Reflection Suite for X 2011
Reflection X Advantage
Reflection X version 14.0 or higher
Reflection for Secure IT
Reflection for Secure IT Gateway
Reflection PKI Services Manager
Verastream Host Integrator version 7.0 or higher
Verastream Process Designer R4 SP1 or higher
Verastream SDK for Unisys and Airlines version 5.0
FileXpress Gateway version 1.0

Situation

This technical note lists Attachmate products that have Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules. FIPS 140-2 is a US federal government security regulation.

Resolution

Attachmate and Micro Focus Products and FIPS Mode

To meet FIPS 140-2 standards, Attachmate products must be run in FIPS mode and use specific FIPS-validated cryptographic modules. When running in FIPS mode the module’s security policy (the definition of what the module has been certified to do) is used for secure connections. To view the detailed cryptographic module security policy, click the certificate link below for the specific certificate number.

Note: Contact your Chief Information Security Officer for information about the implications and applicability of using FIPS 140-2 validated cryptography on all of your systems.

Refer to the tables below to verify that your Attachmate products contains a FIPS 140-2 validated crypto module.

Cryptographic Library version 3

The following products use Attachmate Cryptographic Library version 3. This module includes the OpenSSL FIPS Object Module version 2.0.2, which has been validated by the National Institute of Standards and Technology (NIST), certificate #1747: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747.

Note: On AIX POWER 64-bit only, library version 3.3.x includes the OpenSSL FIPS Object Module 2.0.11. OpenSSL FIPS Object Module version 2.0.11 has been validated by the National Institute of Standards and Technology (NIST), certificate #2398: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2398.

Product
Product Version
Cryptographic Library
Library Version
Extra! X-treme
9.3 SP1 HF7 (9.3.1.2643)
atmcrypto.dll
3.2.70.0
InfoConnect Desktop products
16.0
atmcrypto.dll
3.2.73.0
InfoConnect
9.2 SP1 U1 HF2 (9.2.1.2762)
atmcrypto.dll
3.2.73.0
InfoConnect
9.2 SP1 HF8 (9.2.1.2735)
atmcrypto.dll
3.2.70.0
Reflection Desktop products
16.0
atmcrypto.dll
3.2.73.0
Reflection 2014
R1 SP1 HF8 (15.6.1.808)
atmcrypto.dll
3.2.70.0
Reflection 2014
R1 SP1 (15.6.1.746)
atmcrypto.dll
3.2.35.0
Reflection 2014
R1 (15.6.0.636)
atmcrypto.dll
3.2.30.0
Reflection for Secure IT Client for Windows
7.2 SP4 U1 (7.2.4303)
atmcrypto.dll
3.2.72.0
Reflection for Secure IT Client for Windows
7.2 SP4 HF4 (7.2.4290)
atmcrypto.dll
3.2.70.0
Reflection for Secure IT Gateway (SSH Proxy component)
1.1 (1.1.1079)
atmcrypto.dll
3.3.72.0
Reflection for Secure IT Server for Windows
8.2 SP1 Update 1 (8.2.1100)
Atmcrypto.dll
3.3.89.0
Reflection for Secure IT Server for Windows
8.2 SP1 (8.2.1079)
atmcrypto.dll
3.3.72.0
Reflection for Secure IT Server for Windows
8.2 HF2 (8.2.131)
atmcrypto.dll
3.2.70.0
Reflection for Secure IT Server for Windows
8.2
atmcrypto.dll
3.2.39.0
Reflection for Secure IT Server for Windows
8.1
atmcrypto.dll
3.1.12.0
Reflection for Secure IT Server and Client for UNIX
See the note above for installations on AIX POWER

8.0 SP2
libatmcrypto.so.3.3
libatmcrypto.sl.3.3

3.3.71
Reflection for Secure IT Server and Client for UNIX
8.0 SP1 HF3 (8.0.1.74)
libatmcrypto.so.3.2
libatmcrypto.sl.3.2

3.2.76
Reflection for HP, IBM, or UNIX and OpenVMS
14.1 SP4 U1 HF5 (14.1.4502)
atmcrypto.dll
3.2.73.0
Reflection for HP, IBM, or UNIX and OpenVMS
14.1 SP4 HF4 (14.1.4476)
atmcrypto.dll
3.2.70.0
Reflection X
14.1 SP4 U1 HF5 (14.1.4502)
atmcrypto.dll
3.2.73.0
Reflection X
14.1 SP4 HF4 (14.1.4476)
atmcrypto.dll
3.2.70.0
Verastream Host Integrator (on Windows) – see also KB 7021544
7.7
7.6 SP1
7.6

atmcrypto.dll
atmcrypto.dll
atmcrypto.dll

3.2.40
3.2.35.0
3.2.23.0

Verastream Host Integrator (on Linux and Solaris) – see also KB 7021544
7.7
7.6 SP1
7.6

libatmcrypto.so.3.2.40
libatmcrypto.so.3.2.35
libatmcrypto.so.3.2.0

3.2.40
3.2.35
3.2.0

FileXpress Gateway
1.0 HF4 (1.0.0.369)
Atmcrypto.dll
3.2.80.0
FileXpress Gateway
1.0 HF3 (1.0.0.368)
atmcrypto.dll
3.2.70.0
FileXpress Gateway
1.0
atmcrypto.dll
3.2.39.0

Cryptographic Library version 2.0.40

Attachmate cryptographic library version 2.0.40 is used in the following products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #1027: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1027

Product
Product Version
Cryptographic Library
Library Version
Extra!
9.1 – 9.2 SP1*
rssccm.dll
2.0.40
InfoConnect
9.0 SP1 – 9.1 SP1
rssccm.dll
2.0.40
Reflection for Secure IT Windows Client
7.2 – 7.2.4275
rssccm.dll
2.0.40
Reflection for Secure IT Server and Client for UNIX
8.0 SP1 – 8.0 SP1 HF3 (8.0.1.74)
libssccm.so.2.0.40, libssccm.sl.2.0.40
2.0.40
2.0.40

Reflection 2014
R1 – R1 SP1 HF7 (15.6.1.797)
rssccm.dll
2.0.40
Reflection 2011
R1, R2, R3
rssccm.dll
2.0.40
Reflection 2008
R2
rssccm.dll
2.0.40
Reflection for HP
14.0.5 – 14.1.4457
rssccm.dll
2.0.40
Reflection for IBM
14.0.5 – 14.1.4457
rssccm.dll
2.0.40
Reflection for UNIX and OpenVMS
14.0.5 – 14.1.4457
rssccm.dll
2.0.40
Reflection X
14.0.5 – 14.1.4457
rssccm.dll
2.0.40
Verastream Host Integrator (on Windows) – see also KB 7021544
7.0 – 7.5 SP1
rssccm.dll
2.0.40
Verastream Host Integrator (on Linux and Solaris) – see also KB 7021544
7.0 – 7.5 SP1
libssccm.so.2.0.40
2.0.40

* Applies to EXTRA! 9.2 or higher connections configured to use Security Type "Attachmate SSL v3.0," "Attachmate TLS v1.0," or "Attachmate FIPS 140-2," and to EXTRA! 9.1 connections configured to "Use Attachmate Security" with "SSL/TLS" or "FIPS 140-2" selected as the Level of Encryption.

Cryptographic Library version 1.0.170

Attachmate cryptographic library version 1.0.170 is used in the following products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #766: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#766

Product
Product Version
Cryptographic Library
Library Version
EXTRA!
9.0 SP1 – SP2 *
rssccm.dll
1.0.170
INFOConnect
8.1 SP1 – 9.0
rssccm.dll
1.0.170
Reflection for Secure IT Windows Client
7.0
rssccm.dll
1.0.170
Reflection 2007
R1
rssccm.dll
1.0.170
Reflection for HP
14.0 – 14.0.4
rssccm.dll
1.0.170
Reflection for IBM
14.0 – 14.0.4
rssccm.dll
1.0.170
Reflection for UNIX and OpenVMS
14.0 – 14.0.4
rssccm.dll
1.0.170
Reflection X
14.0 – 14.0.4
rssccm.dll
1.0.170
Reflection 2008
R1
rssccm.dll
1.0.170

Applies to EXTRA! connections that are configured to "Use Attachmate Security" with "SSL/TLS" or "FIPS 140-2" selected as the Level of Encryption.

RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1

RSA BSAFE Crypto-J JSAFE and JCE software module version 6.2.1 is used in the following Micro Focus products when operated in FIPS mode. This version has been validated by the National Institute of Standards and Technology (NIST), certificate #2468: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2468.

To upgrade to RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1, contact Technical Support to obtain a hotfix.

Product
Product Version
Cryptographic Library
Library Version
Reflection for Secure IT Gateway
1.1 (1.1.0.252)
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1
Reflection ZFE
2.0.1
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1
FileXpress Gateway
1.0 HF4 (1.0.0.369)
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1
Host Access Management and Security Server
12.2.319
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1
Reflection for the Web
12.2.319
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1
Reflection Security Gateway 2014
12.1.337
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1
Reflection for the Web 2014
12.1.337
RSA BSAFE Crypto-J JSAFE and JCE Software Module
6.2.1

Attachmate Security Component for Java version 1.32

Attachmate Security Component for Java cryptographic library version 1.32 is used in the following products for TLS connections when operated in FIPS mode.

Product
Product Version
Cryptographic Library
Library Version
Host Access Management and Security Server *
12.2.124 – 12.2.319
Attachmate Security Component for Java
1.32.004
Reflection ZFE
2.0.1
Attachmate Security Component for Java
1.32.004
Reflection for the Web *
12.2.124 – 12.2.319
Attachmate Security Component for Java
1.32.004
Reflection Security Gateway 2014 *
12.1.337
Attachmate Security Component for Java
1.32
Reflection for the Web 2014 *
12.1.337
Attachmate Security Component for Java
1.32
Reflection for the Web 2011
R1
Attachmate Security Component for Java
1.32
Reflection for the Web 2008
R3
Attachmate Security Component for Java
1.32

* Apply a hotfix for your product to use RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1, which has been validated by the National Institute of Standards and Technology (NIST). Contact Technical Support to obtain the hotfix.

RSA BSAFE Crypto-J JSAFE and JCE Module version 6.1

RSA BSAFE Crypto-J JSAFE and JCE software module version 6.1 is used in the following Attachmate product when operated in FIPS mode. This version has been validated by the National Institute of Standards and Technology (NIST), certificate #2058: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2013.htm#2058.

Product
Product Version
Cryptographic Library
Library Version
FileXpress Gateway
1.0 HF3 (1.0.0.368)
jcmFIPS-6.1.2.jar
6.1.2
Verastream Process Designer (on Windows, Linux, and Solaris)
R5 SP1 – R6
jcmFIPS.jar
6.1
Verastream Host Integrator (on Windows, Linux, and Solaris)
7.6 SP1 – 7.7
7.5 SP1 – 7.6

jcmFIPS-6.1.1.2014.0123.jar
jcmFIPS.jar

6.1.1
6.1

Verastream SDK for Unisys and Airlines
5.0
jcmFIPS.jar
6.1.0.2
Reflection PKI Services Manager
1.3 SP1
jcmFIPS.jar
6.1.2
Reflection PKI Services Manager
1.2 SP2 – 1.3
jcmFIPS.jar
6.1
Reflection X Advantage
5.0
jcmFIPS.jar
6.1

* For information about installing the cryptographic module in Luminet, see https://download.attachmate.com/fileinfo.aspx?filename=luminet-1-2-fips-module-installation-guide.pdf (login required).

RSA BSAFE Crypto-J JCE Provider Module version 5.1

RSA BSAFE Crypto-J JCE Provider software module version 5.0 is used in the following Attachmate products when operated in FIPS mode.

Product
Product Version
Cryptographic Library
Library Version
Host Access Management and Security Server *
12.2.124 – 12.2.313
RSA BSAFE Crypto-J JCE Provider
5.0
Reflection for the Web *
12.2.124 – 12.2.313
RSA BSAFE Crypto-J JCE Provider
5.0
Reflection Security Gateway 2014 *
(12.1) R1, R2
12.1.122 – 12.1.333

RSA BSAFE Crypto-J JCE Provider
5.0
Reflection for the Web 2014 *
(12.1) R1, R2
12.1.122 – 12.1.333

RSA BSAFE Crypto-J JCE Provider
5.0

* Apply a hotfix for your product to use RSA BSAFE Crypto-J JSAFE and JCE Module version 6.2.1, which has been validated by the National Institute of Standards and Technology (NIST). Contact Technical Support to obtain the hotfix.

RSA BSAFE Crypto-J JCE Provider Module version 4.1

RSA BSAFE Crypto-J JCE Provider software module version 4.1 is used in the following Attachmate products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #1291: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1291

Product
Product Version
Cryptographic Library
Library Version
Verastream Process Designer (on Windows, Linux, and Solaris)
R4 SP1 – R5
cryptojFIPS.jar
4.1
Verastream Host Integrator (on Windows, Linux, and Solaris)
7.1 SP1 – 7.5
cryptojFIPS.jar
4.1

* For information about installing the cryptographic module in Luminet, see https://download.attachmate.com/fileinfo.aspx?filename=luminet-1-1-fips-module-installation-guide.pdf (login required).

RSA BSAFE Crypto-J JCE Provider Module version 4.0

RSA BSAFE Crypto-J JCE Provider software module version 4.0 is used in the following Attachmate products when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #1048: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1048

Product
Product Version
Cryptographic Library
Library Version
Reflection X Advantage
2.0 – 4.2
jsafeJCEFIPS.jar
4.0
Reflection PKI Services Manager
1.0 – 1.2 SP1
jsafeJCEFIPS.jar
4.0

RSA BSAFE Crypto-J JCE Provider Module version 3.6

RSA BSAFE Crypto-J JCE Provider software module version 3.6 is used in the following Attachmate product for SSH and SFTP connections when operated in FIPS mode and has been validated by the National Institute of Standards and Technology (NIST), certificate #820: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#820

Product
Product Version
Cryptographic Library
Library Version
Reflection for the Web 2011
R1
RSA BSAFE Crypto-J JCE Provider
3.6
Reflection for the Web 2008
R3
RSA BSAFE Crypto-J JCE Provider
3.6

Additional Information

To review security update information for Attachmate products, see https://support.microfocus.com/security.

Notice: This technical note is updated from time to time and is provided for informational purposes only. Attachmate makes no representation or warranty that the functions contained in our software products will meet your requirements or that the operation of our software products will be interruption or error free. Attachmate EXPRESSLY DISCLAIMS ALL WARRANTIES REGARDING OUR SOFTWARE INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Legacy KB ID

This document was originally published as Attachmate Technical Note 2400.