Installation guide
12 PC-Duo 12.5 May 2014
Table 1. Mitigation Options for Encryption Defect
Mitigation Options
No Action
Upgrade
Proxy
clients &
servers to
11.6
Upgrade
Proxy
clients only
(Masters,
Gateways)
Upgrade
Proxy
servers
(Hosts)
only
Patch
Proxy
clients &
servers to
11.6
Patch
Proxy
clients
only
(Masters,
Gateways)
Encryption enforced on SSL
connections
Yes
Yes
Yes
Yes
Yes
Encryption enforced on
reverse connections
Yes
Yes
Yes
Yes
Yes
Encryption enforced on P2P
connections
Yes
Yes
Yes
Yes
Encryption enforced on
Gateway-managed
connections in same domain
Yes
Yes
Yes
Yes
Connection terminated when
encryption not enforced
Yes
Applies to all affected
releases (10.0)
Yes
Yes
Yes
Yes
Does not
apply to
10.0
Does not
apply to
10.0
Note on Host for Terminal Services on Server 2003 x64 Fix
There is a bug in 64-bit Windows Server 2003 that hinders our ability to get the
identity of the user that’s logged in to the terminal services session. As a result,
the following limitations may be observed:
If “%USER%” is in the station name, the name “Not-Logged-In” may be
seen instead of the real user name.
The “User” column in the Gateway Administrator views should eventually
get the correct user name, but this is not guaranteed.
We cannot impersonate the logged-in user, so end-to-end services like
file transfer and remote management will not work if simple password
authentication is used. Note that use of Windows Authentication is
strongly recommended over simple password, especially in terminal
services environments.
File transfer with Windows Authentication cannot evaluate the paths for
the “Personal” and “Common” folder collections (which include
“Desktop”, “My Documents”, “Shared Documents”, etc.). Users can
navigate to these folders using their real paths, but the shortcuts do not
appear in the file transfer user interface.