Known restrictions and limitations
Known limitations and restrictions to the 10.0.1 LTS stream exist.
Known limitations
The following table lists the known limitations. When a limitation is removed, that row contains the release about when resolved.
Limitations | When resolved |
---|---|
If you cannot login to a tenant after a secure restore operation, complete the following
steps on the landlord.
|
|
When you create the gateway-peering cluster for API rate-limiting, the following restrictions
and limitations apply.
|
|
If the rate limit configuration is not enabled, all subsequent scale limits generate errors and the transactions fail. | |
TLSv1.3 is unsupported in the TLS client profile for the analytics endpoint. | |
Tenants never use the connection details from the landlord, and these details must match.
|
10.0.1.17 |
Known limitations to the API gateway support for GraphQL exist. For this list, see Known GraphQL limitations.
Restrictions
The following permanent restrictions apply.
- You cannot securely move keys between the HSM of 8436-53X appliances and 8441-53X appliances.
- You cannot store keys that use TLSv1.3 on the HSM of 8436-53X appliances. In other words, the location of the crypto key file cannot be the hsm2: directory. If you define a key as part of the identification credentials for a TLS profile and the profile sets the TLSv1.3 protocol, the TLSv1.3 protocol is disabled on save. When you need a key with TLSv1.3 supported on an 8436-53X appliance, upload the key to the cert: directory.
- FIPS cryptographic mode is no longer available. The DataPower® main task always operates in permissive mode. Even when configured in FIPS mode before an upgrade, the upgrade changes the mode to permissive.
- SSLv3 is unsupported in the TLS profiles for the API Connect Gateway Service.