Known restrictions and limitations

Known limitations and restrictions to the 10.0.1 LTS stream exist.

Known limitations

The following table lists the known limitations. When a limitation is removed, that row contains the release about when resolved.

Table 1. Known limitations
Limitations When resolved
If you cannot login to a tenant after a secure restore operation, complete the following steps on the landlord.
  1. Access the configuration that defines the tenant.
  2. Change the Administrative state property to disabled, and click Apply.
  3. Change the Administrative state property to enabled, and click Apply.
  
When you create the gateway-peering cluster for API rate-limiting, the following restrictions and limitations apply.
  • The cluster must contain at least six nodes, where three nodes must be primary nodes.
  • Wait after the creation of each node until the cluster auto-configuration operation completes. When complete, you can create the next node in the cluster. You can use the following artifacts to verify the completion of the operation.
    • View the logs.
    • View the information provided by the gateway-peering cluster status provider.
  
If the rate limit configuration is not enabled, all subsequent scale limits generate errors and the transactions fail.  
TLSv1.3 is unsupported in the TLS client profile for the analytics endpoint.  
Tenants never use the connection details from the landlord, and these details must match.
  • After you configure a tenant and you edit the details on the tenant, edit the details on the landlord to match the tenant.
  • After you secure-restore a tenant, edit the details on the tenant to match the landlord.
 10.0.1.17

Known limitations to the API gateway support for GraphQL exist. For this list, see Known GraphQL limitations.

Restrictions

The following permanent restrictions apply.

  • You cannot securely move keys between the HSM of 8436-53X appliances and 8441-53X appliances.
  • You cannot store keys that use TLSv1.3 on the HSM of 8436-53X appliances. In other words, the location of the crypto key file cannot be the hsm2: directory. If you define a key as part of the identification credentials for a TLS profile and the profile sets the TLSv1.3 protocol, the TLSv1.3 protocol is disabled on save. When you need a key with TLSv1.3 supported on an 8436-53X appliance, upload the key to the cert: directory.
  • FIPS cryptographic mode is no longer available. The DataPower® main task always operates in permissive mode. Even when configured in FIPS mode before an upgrade, the upgrade changes the mode to permissive.
  • SSLv3 is unsupported in the TLS profiles for the API Connect Gateway Service.