Technical Notes

EXTRA! has been tested with and supports Windows Vista SP1, Windows XP SP3, and Windows Server 2008.

If you are using SSL/TLS or FIPS 140-2 security with EXTRA!, you can now specify the encryption key strength that must be used. For example, you can specify that EXTRA! connect over SSL using only encryption algorithms that use 128-bit keys.

In general, Attachmate Security connects using the highest level of security that both EXTRA! and the SSL server support. We recommend against using this new setting without fully understanding the consequences. For more information, see Technical Note 2356.

If you are using Microsoft XP, you now have more control over when your computer goes into standby mode while EXTRA! is running. The default behavior is for EXTRA! to prompt the user before allowing the computer to enter standby mode. If you prefer, you can set EXTRA! to allow the computer to enter standby mode without a prompt, or to prevent the computer from ever entering standby mode while EXTRA! is running.

To change the standby mode, from the Global Preferences dialog box, follow these steps:

Note: When set to the default, which prompts the user to allow the computer to enter standby mode, you'll see a colored square in the check box.

The EXTRA! spell-checking function no longer requires you to have Microsoft Word installed. If you prefer, you can still use the Word spell-checking engine by configuring the installation through the Custom Installation Wizard. Additional spell-checking options can also be configured using the CIW. For more information on installing and using CIW, see Technical Note 2165.

EXTRA! now supports color and grayscale printing of 3270 terminal session screens.

To enable color or grayscale printing, from the Print Screen dialog box, clear the Print in Black and White checkbox.

You can now use a variety of delimiters to indicate the presence of a HotSpot, including many non-alphanumeric keyboard characters in addition to spaces. This provides compatibility with the HotSpot behavior of other emulation products.

You can also style text HotSpots as 3D buttons.

If a client exists on both IPv4 and IPv6 networks at the same time, the name for a host may resolve to more than one IP address. To handle this problem for TN5250 sessions, when you enter a host name in the Connection Settings dialog, you can select the correct address from the IP Address dropdown box.

Support for 16-bit API options has been discontinued in EXTRA! X-treme. For more information, see Technical Note 2319.

Note: This enhancement is available in EXTRA! 6530 Client Option 9.0 SP2 or higher, which is available as a separate download from the Attachmate Download Library web site. EXTRA! 6530 Client Option 9.0 SP2 or higher should be installed only after installing EXTRA! X-treme 9.0, EXTRA! 6530 Client Option 9.0, and EXTRA! X-treme 9.0 SP2 (in this order).

You can now edit server files directly from the server pane display. To do this, right-click on a server file and select Edit. The FTP Client downloads the file to your system and opens the associated editor. When you save and close the file, the FTP Client uploads it back to the server.

The FTP Client can now connect correctly through the proxy server when client authorization is enabled on the proxy.

The thumbprint of the Reflection for the Web security proxy server certificate is now correctly reported by the client.

When you double-click a server file to view it, the client downloads a copy of file. Prior to this fix, this action would always overwrite an existing local file with the same name regardless of the If File Exists setting. With this fix, the client honors your If File Exists setting. Note: Update and Unique are not used when downloading to view server files. If either of these preferences is set, users are asked if they want to download the server file if a file of the same name already exists.

This service pack fixes this problem by allowing passive mode connections to HP3000 servers.

On Windows 2000 systems, double-clicking in the local pane opened a folder in a new Explorer window rather than navigating through the FTP client local pane. This service pack fixes this problem.

You can now specify which key exchange algorithms the client supports, and the order of preference. To configure this, open the Reflection Secure Shell Settings dialog box and use the Encryption tab. The keyword used to configure this setting is KexAlgorithms.

Secure Shell error messages now include much more detailed information that can be used to facilitate troubleshooting.

You can now use getext and setext with the sftp command line utility to view and set file extensions that will use ascii transfer.

You can now supply commands to command-line utilities using an input file as shown in this example:

This service pack improves the way the client handles loss of a network connection.

This service pack fixes a problem that led to the above error message when putting files to a chroot account on HP-UX 11.1 using the sftp2 command line utility.

This service pack fixes this problem.

The client now displays only one error message when scp and scp2 transfers are directed to a folder that doesn't exist on the server.

The return codes displayed for the ssh2, scp2, and sftp2 command line utilities now match those returned by prior version F-Secure products.

The scp -u switch can be used to remove a file after copying with the scp or scp2 command line utility. Previously this switch was supported but not documented. It is now included in the command line usage you see when you enter "scp -h" or "scp2 -h".

When attempting to connect from a WinCvs client to a CVS repository via the client; the WinCvs client appeared to hang during the connection process. The client could be interrupted, but never displayed the archive. This problem has been resolved.

In order to facilitate scripting, warning messages are now displayed in the cmd.exe window rather than in popup windows that require user interaction.

The HostCharacterSet keyword now sets the specified host character set when code page support is available.

Keys are now uploaded correctly to Tectia servers.

The client now correctly handles redirection of debug output to a file on the command line, as shown here:

This service pack fixes a problem that caused the sftp quit command to set a non-zero return value.

sftp batch file execution now continues even if one of the batch commands fails. The exit code is 0 for successful execution of the batch file, with no command failures. With command failures the exit code is 1.

A new security option has been added for TN3270 and TN5250 connections. The Attachmate Security module uses cryptography validated to the Federal Information Processing Standard (FIPS) 140-2 and industry standard SSL and TLS protocols for ensuring data integrity and privacy.

To enable the Use Attachmate Security option

For more information about configuring secure connections in EXTRA!, see Technical Note 2245.

Internet Protocol version 6 (IPv6) support is now available through the Attachmate Security module.

To enable IPv6 support:

Several improvements have been made to the way EXTRA! manages digital certificates for client authentication.

Smart Cards

TN3270 sessions can be configured to copy text to clipboard as soon as it is selected on the screen. To enable this feature: Choose the Options | Settings - Edit dialog box, and then choose Deselect after Copy or Preserve after Copy.

The default is disabled.

ExtraGotFocus and ExtraLostFocus events have been added to the COM interface for EXTRA!. These COM events are fired if the EXTRA! Session Display loses focus or gains focus.

The EXTRA! COM interfaces have been modified for backward compatibility with version 8.0. Existing ActiveX client applications do not need to be rebuilt if they were developed using EXTRA! 8 or 8 SP1. Client applications compiled with other versions of EXTRA! must be recompiled using the new EXTRA! type library available with EXTRA! 9 SP1.

A setting called ShowSplashScreen has been added to the registry at HKCU\Software\Attachmate\Extra!\WorkStationUser\Preferences.

For the default installation of EXTRA! X-treme 9, the User Data Location (for sessions, macros, and schemes directories) should be the My Documents or All Users directories. They should not be installed in the Application Directory (\Program Files).

Under Vista, if you specify Application Directory for the User Data Location, the UAC shield icon appears on top of the EXTRA! shortcut icon (the big orange E), indicating that you need elevated or special permissions to run EXTRA! from this location.

The EXTRA! 6530 Client Option now provides SSL encryption and Telnet load balancing for TN6530 client connections across separate identically configured hosts.

Note: These enhancements are available in EXTRA! 6530 Client Option 9.0 SP1 or higher, which is available as a separate download from the Attachmate Download Library web site. EXTRA! 6530 Client Option 9.0 SP1 or higher should be installed only after installing EXTRA! X-treme 9.0, EXTRA! 6530 Client Option 9.0, and EXTRA! X-treme 9.0 SP1 (in this order).

A new setting, Use IPV6, has been added to the Connection tab in the Site Properties dialog box. Options are Always, Never, When Available. The default is When Available. Previously IPV6 support was configurable using the command window, and this technique is also still available.

A new setting, Connect through NAT server, has been added to support SSL/TLS connections through a NAT proxy server. To configure this setting click the Security button, then click the SSL/TLS tab.

Three new settings are available for configuring Reflection to forward FTP data through the SSH tunnel. Use these settings when the FTP server is on a different host from the Secure Shell server. To configure these settings, go to the Connect to FTP Site dialog box, click Security, then click the Secure Shell tab. The new settings are:

Configuring these settings is equivalent to using the following ssh command line:

The FTP Open method now supports sending passwords for Secure Shell sessions. The following sample configures a Secure Shell connection, connects to the specified host, and sends the specified user name and password.

You can now specify which SSL/TLS version to use. The choices are TLS Version 1.0 (this is the newer protocol and is the default) and SSL version 3.0. To change this setting, select a site in the Connect to FTP dialog box, then go to > Security > SSL/TLS > SSL/TLS version.

The FTP Client now correctly remembers the state of the Encrypt data stream setting for SSL/TLS sessions.

This patch fixes a problem that caused intermittent connection problems because the client was not correctly sending the AUTH TLS message.

In the Directories tab of the FTP Client Site Properties dialog box, modifying the Cache directory listing setting now correctly enables the Apply button on this tab.

This patch fixes a problem that led to a missing openssh.dll error message when launching the FTP Client from a Visual Basic project.

This patch reduces the time it takes to display directory listings in the local pane.

This patch reduces the time it takes to display directory listings in the server pane.

The Preserve server file date option (available on the Transfer tab of the site properties dialog box) now works as expected for SFTP transfers.

This service pack resolves a problem that caused some FTP servers to reject the connection when Reflection FTP was configured to use Kerberos.

Reflection FTP Client server file display has been optimized to decrease the amount of time it takes to display and refresh the server display pane.

You can now disconnect from the server (the preferred way to terminate network connections) or close the client when connected to a site that is configured to use SSL/TLS. When you close a connected session, the client now disconnects the SSL/TLS-secured FTP connection before shutting down.

When NoShell is set to "Yes", the client creates a tunnel without opening a terminal session. This option can be used in combination with ConnectionReuse to create a tunnel that can be reused by other ssh connections. You can configure this option in the Secure Shell configuration file, or using the -o command-line option.

You can now specify which hash algorithm the client uses in the process of proving possession of the private key during public key user authentication. To configure this, open the Reflection Secure Shell Settings dialog box. On the Encryption tab, under Signature types, select the hash you want to use for RSA and DSA keys.

This patch includes changes that support faster SFTP and SCP file transfers.

This patch reduces the time it takes to display directory listing in SFTP sessions.

Prior to this patch, server certificate validation failed if the certificate contained unknown extended key usage OIDs. These extensions are now checked during intermediate certificate validation only if they are marked as "Critical" or if you are running Reflection in DOD mode.

Error messages for the ssh command-line utility are now sent to stderr.

The sftp and sftp2 command line usage help now displays the following additional syntax for uploading files to the server: sftp [options] sourcefile [user@]host[#port]:[destination file]. This information is displayed when you use the -h command-line option.

Reflection no longer displays a blank "Reflection Secure Shell Client" dialog box when you are configured to use keyboard-interactive authentication. This dialog box was introduced by changes made to the SP2 patch.

This patch fixes a problem that caused a halt in data display when large chunks of data are being received. Prior to the fix it was sometimes necessary to use the Enter key to view the entire display.

This patch fixes a problem that caused Reflection to show multiple entries for the same user key when both a user-specific config file and a global ssh_config file were present on the same computer.

This service pack fixes a problem that would sometimes cause very large (gigabyte) data transfers to hang when Reflection was configured to use the Secure Shell protocol. This problem was seen with transfers using the Reflection user interface and also using Reflection command line utilities.

This error message was displayed incorrectly when the Reflection scp command line utility was used with the -r switch. This problem has been resolved.

Sftp file transfers that use wildcard GET commands now work as expected.

In Reflection applications running with Service Pack 1 applied, the sftp and scp clients could not simultaneously access the same local file for uploading. This problem has been resolved.

This service pack corrects a problem in the Secure Shell protocol that could cause this error message to be displayed for slow or bad network connections.