Known limitations and restrictions

Known limitations and restrictions to the 10.5.x CD stream exist.

Known limitations

The following table lists the known limitations. When a limitation is removed, that row contains the release about when resolved.

Table 1. Known limitations
Limitation When resolved
If you cannot log in to a tenant after a secure restore operation, complete the following steps on the landlord.
  1. Access the configuration that defines the tenant.
  2. Change the Administrative state property to disabled, and click Apply.
  3. Change the Administrative state property to enabled, and click Apply.
  
GitOps integration is unsupported in the default domain.  
When you create the gateway-peering cluster for API rate limits, the following restrictions and limitations apply.
  • The cluster must contain at least six nodes, where three nodes must be primary nodes.
  • After the creation of each node, wait until the cluster auto-configuration operation completes. When complete, you can create the next node in the cluster. You can use the following artifacts to verify the completion of the operation.
    • View the logs.
    • View the information in the gateway-peering cluster status provider.
  
If the rate limit configuration is not enabled, the following behavior occurs.
  1. All subsequent scale limits generate errors.
  2. The transaction fails.
  
To secure connections to an Oracle data source, the following TLS protocol versions are supported. The default protocol version is TLSv1.2. You can override the protocol version with the CryptoProtocolVersion configuration parameter.
  • For ODBC, TLSv1.2 and TLSv1.3.
  • For JDBC, TLSv1.2.

To specify TLSv1.2 and TLSv1.3, specify TLSv1.2,TLSv1.3 as the value for the CryptoProtocolVersion configuration parameter.

  
TLSv1.3 is unsupported in the TLS client profile for the analytics endpoint.  
Although you configured a proxy policy for the API gateway, the proxy policy does not apply to the analytics endpoint if it uses the Kafka protocol. The proxy policy is applied to the analytics endpoint only when it uses the HTTP or HTTPS protocol.  
Tenants never use the connection details from the landlord, and these details must match.
  • After you configure a tenant and you edit the details on the tenant, edit the details on the landlord to match the tenant.
  • After you secure-restore a tenant, edit the details on the tenant to match the landlord.
 10.5.3

Known limitations to the API gateway support for GraphQL exist. For this list, see GraphQL limitations.

Restrictions

The following permanent restrictions apply.

  • You cannot securely move keys from the HSM of 8436-53X appliance to either 8441-53X or 8496-53X appliances. You can securely move keys between 8441-53X and 8496-53X appliances.
  • FIPS cryptographic mode is no longer available. The DataPower® main task always operates in permissive mode. Even when configured in FIPS mode before an upgrade, the upgrade changes the mode to permissive.
  • SSLv3 is unsupported in the TLS profiles for the API Connect gateway service.