Overview

IBM® DataPower® Gateway serves as the enterprise-grade, field-proven, security-rich API gateway. The DataPower Gateway is available in physical, virtual, cloud, Linux®, and Docker form factors.

The DataPower Gateway is a single multichannel gateway that helps provide security, control, integration, and optimized access. These capabilities apply to a full range of mobile, web, application programming interface (API), service-oriented architecture (SOA), B2B, and cloud workloads. The capabilities help you to rapidly expand the scope of valuable IT assets to new channels that gives customers, employees, and partners access to critical resources.

Attention: In the next LTS, you will not be able to access the WebGUI even if you modify the browser URL. Access to the WebGUI in this manner will remain in the future 10.6.0 fix packs.

Host keys and establishing an SSH session

10.6.0.4 - The DataPower SSH server now supports ECDSA and ED25519 SSH host keys. After you upgrade, ECDSA and ED25519 keys are generated. After the upgrade, The SSH handshake chooses one of these stronger algorithms over RSA. As a result, you might see a receive a warning about the change to the host identification, which is expected due to the key update. For more information, see Connection after host keys changed.

Updated component firmware on HSM-equipped appliances to 2.09-0702

10.6.0.2 - For HSM-equipped appliances with component firmware 2.09-0702 and later, the following restrictions apply.
  • The key transport algorithm must be rsa-oaep-mgf1p or rsa-oaep.
  • OAEP parameters are unsupported.
  • The OAEP digest algorithm cannot be md5 and ripemd160.
  • For the rsa-oaep key transport algorithm, the OAEP digest algorithm and the MGF algorithm must match.
For HSM-equipped appliances with component firmware 2.04-49 and earlier, the key transport algorithm must be rsa-1_5.

Library upgrade to support TLS

10.6.0.0 includes an updated library to support TLS and cryptographic operations. The updated crypto library improves security and usability, but the added complexity of this implementation comes with a performance cost. This update is needed to maintain the proper security posture, which includes CVE updates.

Compatibility with API Connect

To determine whether your DataPower firmware version is compatible with API Connect, Use the Software Product Compatibility Reports (SPCR) website to generate a requirements report appropriate for your API Connect version and environment.

To generate an API Connect requirements report, complete the following steps.
  1. Open the Detailed system requirements for a specific product page on the SPCR website.
  2. Enter api connect as the product.
  3. In the search results list, select IBM API Connect.
  4. From the Version list, select your version.
  5. Click Detailed system requirements to generate the requirements report.