Reflection for the Web version 12.3 SP1 Update 1 released December 2017.
Reflection for the Web includes Host Access Management and Security Server to create, manage, and secure sessions to your hosts.
This document lists the features, resolved issues, and known issues since version 12.3 SP1.
Reflection for the Web 12.3 SP1 Update 1 includes the following features (in addition to the 12.3 SP1 features).
Added Subject Alternative Name (SAN) support to the Management and Security Server dialogs used to generate certificates or certificate signing requests (CSRs) -- in the Security Proxy Wizard, HTTPS Certificate Utility, and the Configure Settings - Certificates panel.
Updated Java to version 1.8.0_151
Upgraded BCTLS (Bouncy Castle TLS) to 1.0.3
Reflection for the Web version 12.3 SP1 requires Host Access Management and Security Server version 12.4 SP1 Update 1 (12.4.11) to support the new cryptographic module.
While the two products are installed independently, the Reflection for the Web automated installer provides the option to install both products -- Reflection for the Web and a compatible version of Management and Security Server. Follow the prompts during installation.
For information about installing or using Management and Security Server, refer to the product documentation.
Reflection for the Web 12.3 SP1 Update 1 uses the Administrative Console as the user interface to create, manage, and secure sessions. The Administrative Console, which is part of Management and Security Server, replaces the Administrative WebStation in previous versions.
an HTML login that does not require Java
UI that expands as options are selected
online Help set, also available as the Management and Security Server Administrator Guide
Host Access Management and Security and Reflection for the Web were updated to use a new cryptographic module (Bouncy Castle 1.0.3) for providing encrypted connections to your mainframe.
The cryptographic module was updated because the previous third-party cryptographic module provider announced the end of support for their cryptographic module. Bouncy Castle is the provider for keystore operations, and the cryptographic files are generated using the .bcfks (Bouncy Castle FIPS keystore) extension. See Technical Note 2900 for more information.
Micro Focus strongly recommends upgrading Reflection for the Web to version 12.3 SP1 (or higher) at the earliest opportunity. Failing to upgrade to this version could:
put you out of compliance with regulatory requirements, such as PCI-DSS, which require that critical security libraries be up to date and supported.
put you at risk if a new security vulnerability is announced, as security patches are not expected to be available for the older cryptographic modules.
Secure connections can be set to use TLS 1.2 without needing to use PKI Services Manager.
NOTE: A new installation of Security Proxy Server is set to TLS 1.2 by default.
If your Reflection for the Web sessions use a different TLS protocol, either configure the client to use TLS 1.2 (more secure) or configure the Security Proxy to use TLSv1.1 or TLSv1 (less secure).
Reflection for the Web 12.3 SP1 Update 1 supports Java 9 when these changes are configured.
Reflection for the Web clients require a web browser using JRE 8 or later that can run trusted applets.
With Java 8, Internet Explorer 11 and Mozilla Firefox ESR 32-bit are supported.
With Java 9, only Internet Explorer 11 64-bit is supported with Reflection for the Web.
Java 9 support requires these settings in Internet Explorer 11 (64-bit):
In, open to the tab.
Check each zone:for
Scroll to the section, and check .
Click and . Close Internet Explorer.
Restart your computer for the changes to take effect.
To make TLS connections with Java 9, apply this configuration:
Open the to the tab.
One or more JREs are listed.
In the column, add this text to each line:
The Reflection for the Web Reference Guide includes the topics that were previously in the Administrative WebStation. The guide is a separate document available from the documentation site.
API and Scripting
Applet Attributes and Parameters
Host-initiated RCL Support
Resolved vulnerability: Replaced Bouncy Castle 1.0.2 with Bouncy Castle 1.0.3
Resolved the intermittent TLS connections. The time to start the TLS negotiations on the TCP/IP connection is reduced. As a result, the TLS timeouts do not need to be increased on the host.
IBM 3270 Printer Definition Files (PDFs) are migrated when upgrading to Reflection for the Web 12.3 SP1 Update 1.
This issue relates to the version of Java being used and affects only secure connections.
For TLS connections to your host, Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files may be required.
Unlimited strength policy files contain no restrictions on cryptographic strengths, in contrast to the strong but limited cryptography policy files bundled in a JRE.
NOTE: Oracle introduced a new Security policy in . To enable unlimited cryptography, refer to the Oracle release notes.
In, the policy files are unlimited by default. No further configuration is needed. However, to use the TLS protocol, a workaround is necessary.
For versions prior to update 151, apply the JCE policy files as follows:
Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle or IBM. Be sure to download the correct policy file updates for your version of Java:
Uncompress and extract the downloaded file. The download includes a Readme.txt and two .jar files with the same names as the existing policy files.
Locate the two existing policy files:
On UNIX, look in <java-home>/lib/security/
On Windows, look in C:\Program Files\Java\jre<version>\lib\security\
Replace the existing policy files with the unlimited strength policy files you extracted.
NOTE: The JCE Unlimited Strength Jurisdiction Policy Files must be applied each time you upgrade your JRE.
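The replacement steps above, including the re-application after a JRE upgrade, can be scripted as follows (an added example, not part of the vendor's release notes). The file names local_policy.jar and US_export_policy.jar, the policy-backup directory, and the function names are assumptions not stated on this page; the paths passed in are yours to supply.

```shell
#!/bin/sh
# Added example: replace a JRE's policy files with the extracted unlimited-strength
# ones, keeping a backup, and detect a JRE whose files have reverted after an upgrade.
# Assumed file names (the page says only "two .jar files"):
POLICY_FILES="local_policy.jar US_export_policy.jar"

# policy_in_sync <security-dir> <extracted-dir>
# Returns 0 when both installed files are byte-identical to the extracted ones.
policy_in_sync() {
    for f in $POLICY_FILES; do
        cmp -s "$1/$f" "$2/$f" || return 1
    done
    return 0
}

# apply_jce_policy <java-home> <extracted-dir>
# Returns 0 if replaced or already current, 2 if a file is missing,
# 3 if a copy or the final verification failed.
apply_jce_policy() {
    sec_dir="$1/lib/security"      # UNIX layout given in the steps above
    new_dir="$2"
    for f in $POLICY_FILES; do
        [ -f "$sec_dir/$f" ] || { echo "missing installed $f in $sec_dir" >&2; return 2; }
        [ -f "$new_dir/$f" ] || { echo "missing extracted $f in $new_dir" >&2; return 2; }
    done
    # Nothing to do when this JRE already carries the unlimited files.
    policy_in_sync "$sec_dir" "$new_dir" && return 0
    backup="$sec_dir/policy-backup"   # hypothetical backup location
    mkdir -p "$backup" || return 3
    for f in $POLICY_FILES; do
        # Skip a file that is already current so its backup is not overwritten.
        cmp -s "$sec_dir/$f" "$new_dir/$f" && continue
        cp -p "$sec_dir/$f" "$backup/$f" || return 3   # keep the bundled file for rollback
        cp "$new_dir/$f" "$sec_dir/$f" || return 3
    done
    # Confirm the installed files now match what was downloaded.
    policy_in_sync "$sec_dir" "$new_dir" || return 3
}
```

Running policy_in_sync against each installed JRE after a Java update shows which ones have reverted to the bundled policy files and need the step repeated.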
The upgrade process varies depending on the version you are upgrading from. For more information, refer to the Reflection for the Web Installation Guide.
If you are running an evaluation copy, the product will be fully functional for 120 days. During that time you can install, configure, and test Reflection for the Web version 12.3 SP1.
Please contact Micro Focus or your authorized reseller to obtain the full-use version of the software.
Security Updates: http://support.attachmate.com/security/?prod=RWEB
Technical Resources, including documentation and technical notes: http://support.attachmate.com/product/?prod=RWEB
Reflection for the Web Installation Guide: https://www.attachmate.com/documentation/rweb-12-3sp1/rweb-installguide/data/bookinfo.htm
Reflection for the Web Reference Guide: https://www.attachmate.com/documentation/rweb-12-3sp1/rweb-reference-guide/data/bookinfo.htm
Management and Security Server Installation Guide: https://www.attachmate.com/documentation/mss-12-4sp1/mss-installguide/data/bookinfo.htm
Management and Security Server Administrator Guide: https://www.attachmate.com/documentation/mss-12-4sp1/mss-admin-guide/data/bookinfo.htm
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/about/legal/.
Copyright © 2017 Attachmate Corporation, a Micro Focus company. All rights reserved.