SDK/J

Hello

Please help to create a maintenance signature for the attached version.

The last signature SDKJ app version is 6.0.0.886

This version 6.0.0.1077 is included a fix since the last signature v6.0.0.886

- FR 1360000: Optional on/off AAA-Client to avoid confict with other 3rd SDK/J app on Ricoh device.

Thank you

Ngoc

Hi

Good morning

We meet an issue when using the Ricoh platform java.net.URL to create a HTTPS connection to the KTA server windows 2016.

The Kofax Ricoh Client cannot connect to KTA server 2016, althout it works as well on lower windows server version

URL.setURLStreamHandlerFactory( new URLStreamHandlerFactory() {
                 public URLStreamHandler createURLStreamHandler(String protocol) {
                    logger.debug("Set URLStreamHandler, protocol=" + protocol);
                    URLStreamHandler result = null;
                    if(protocol.equals("https")) {
                        result = new com.sun.net.ssl.internal.www.protocol.https.Handler();
                    }
                    return result;
                }
            } );

I found the root cause that Ricoh device does not support 2 cipher suites to create SSL handshake that windows 2016 is using them.

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x000033)

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x000039)

We must use a workaround that remove out 2 cipher suites above from windows server 2016 to work with Ricoh MFP.

You can see the attached for more detaile.

This issue is reported on Ricoh MP C3003 and Ricoh MP 2001

My question:

- Do you know any new update platform/firmware that it covers this issue?

- Do you have any suggestion to fix this?

Thank you

Ngoc

Wells Fargo has started moving to our certified WebBrowserNX implementation for their test environment. They have a lot of machines that are being upgraded over time to ones that support SmartSDK. However, their old machines that are still using our SDKJ client. Unfortunately that client does not support TLS 1.2 right now. Does Ricoh have libraries for supporting TLS 1.2 with SDKJ? What would your recommendation be?

Hello

Please help to create a maintenance signature for the attached version

This version covers issues

-  Add an optional to disable AAA lib since it is conflicted with other 3rd app (GeniusMFP client on customer side)

-  Post back a fixbug from the KofaxRicohJava client v6.0.0- the client cannot start on the device fw 11 or higher, if  changed scan settings.

Thank you very much

Ngoc

Hi,

Today we not sure how to proceed with SDK / J signatures.
We know that java devices are no longer manufactured and that the SDK / J no longer receives updates.

However, we do not know if we can still request maintenance and PTEC processes.

1 - Could you explain to us what is Ricoh's policy for SDK / J applications today?
2 - Can we request maintenance?
3 - Can we start new PTEC processes?

Thank you.

Best regards,
Guilherme Santos

Hello

Since last incident (Incident ID#: 3362) we asked for upgrading aaa-client with a newer commons-codec-1.4.jar, Ricoh AAA team informed there is no security issue for internal using of commons-codec-1.4.jar, no further confirmation for  upgrading or not.

This request is a progression when we are processing any report from the WhiteSource for this lib.

Can you please confirm is there any updating for SDK/J lib aaa-client with a using of “commons-codec-1.4.jar” at the moment or near future?

https://saas.whitesourcesoftware.com/Wss/WSS.html#!libraryQuality;uuid=4f944f33-8016-4215-884d-d795a359ca0d

Level     Type      Library  Description        Details

Error      Policy Violationcommons-codec-1.4.jarReject Medium Severity Vulnerabilities 

Error      Security Vulnerability     commons-codec-1.4.jarMedium:2          

• WS-2009-0001: Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
• WS-2010-0001: Base64 encode() method is no longer thread-safe in Apache Commons Codec before version 1.7, which might disclose the wrong data or allow an attacker to change non-private fields.

Error      High Severity Bug             commons-codec-1.4.jarCritical:1               2804 - https://issues.apache.org/jira/browse/CODEC-98

Warning               New Version      commons-codec-1.4.jarVersion 1.11 is available

Thank you very much

Ngoc

Hi,

I would like to request a 60-days beta signature for our SafeCom Go Ricoh application for testing a fix at a customer site. Please find the servlet, xlet, and the signed beta agreement attached.

Thank you!

Sebestyen

Hello

Our customer reports a case with a Ricoh 5503 in different VLAN segment with KFS server.

When reset MFP device without network cable, the Kofax Ricoh client can start up, after then they pluggin network cable to device, MFP and Kofax Ricoh Client work as expected.

When reset MFP with a plugged in network cable, Kofax Ricoh Client can NOT start, there is no icon on the home screen (see the device log VLAN.zip). Use the same this screnario in the same subnet with KFS server, the issue does not happen (see the device log SameSubnetAsServer.zip)

I have investigated the logic code, and seems the problem comes from one of 2 AAA methods below:

auth = Authenticator.create(context, prodId) or auth.add(instance);

There is no eception, no success logs string as working case.

You can compare 2 logs, begin from "DeviceAAAListener initInstance ..." to see differences

--------------------------------------------------------------

This logic uses aaa client lib:

   private Authenticator auth;

   public static void initInstance(XletContext context, UIFlowController controller, MFPClient parentXLet)
    {
        //logger.debug("COD2207 DeviceAAAListener.initInstance start");
        instance = new DeviceAAAListener(controller);
        instance.parentXLet = parentXLet;

        System.out.println("DeviceAAAListener initInstance ...");
        // Registers this object to Authenticator object.
        try {
            final String prodId = (String) context.getXletProperty(XletContext.PRODUCTID);
            instance.auth = Authenticator.create(context, prodId);
            instance.auth.add(instance);
            System.out.println("DeviceAAAListener initInstance added instance");
        } catch (Exception e) {
            System.out.println("DeviceAAAListener initInstance Exception " + e.toString());
            //logger.debug("COD2207 DeviceAAAListener.initInstance exception: " + e.toString());
            e.printStackTrace();
        }
        //logger.debug("COD2207 DeviceAAAListener.initInstance end");
    }

--------------------------------------------------------------

This issue does not happen if device uses the same subnet with KFS server.

I include the client with its aaa lib.

Could you please point me what does happen with AAA? do we have a workaround?

Thank you very much

Ngoc

Is the Pro C7200 a supported device? It's not listed in the ESA Matrix. I'm just looking to confirm.

Regards,
Mike