Known limitations and restrictions
Known limitations and restrictions exist in 10.6.x.
Known limitations
The following table lists the known limitations. When a limitation is removed, that row contains the release about when resolved.
Limitation | When resolved |
---|---|
GitOps integration is unsupported in the default domain. |
|
When you create an instance of a crypto key or certificate, the log contains the error
message 0x83a0001e erroneously. You can ignore this error message.
|
|
FIPS cryptographic mode is unsupported. The DataPower® main task always
operates in permissive mode. Even when configured in FIPS mode before an upgrade, the upgrade
changes the mode to permissive. |
|
To secure connections to an Oracle data source, the following TLS protocol versions are
supported. The default protocol version is TLSv1.2. You can override the protocol version with the
CryptoProtocolVersion configuration parameter.
To specify TLSv1.2 and TLSv1.3, specify |
|
If you cannot log in to a tenant after a secure restore operation or running the
reinitialize command, complete the following steps on the landlord.
|
|
When you create the gateway-peering instance for API rate limits and the peering instance is
in cluster mode, the following restrictions and limitations apply. These restrictions and
limitations do not apply when the peering instance is in stand-alone or peer mode.
|
|
If the rate limit configuration is not enabled, the following behavior occurs.
|
|
TLSv1.3 is unsupported in the TLS client profile for the analytics endpoint. | |
Although you configured a proxy policy for the API gateway, the proxy policy does not apply to the analytics endpoint if it uses the Kafka protocol. The proxy policy is applied to the analytics endpoint only when it uses the HTTP or HTTPS protocol. |
Known limitations to the API gateway support for GraphQL exist. For this list, see GraphQL limitations.
Restrictions
The following permanent restrictions apply.
- Although the volume for the RAID array appears as a subdirectory on the local: directory, it is not a subdirectory. Therefore, GitOps integration does not operate against files that you store in the RAID array.
- SSLv3 is unsupported in the TLS profiles for the API Connect gateway service.
- Due to increased security requirements, the API Connect gateway service fails to come up when
PKCS #12 key-certificate pairs contain unsupported algorithms. This restriction applies to only
noncontainer gateways to use a PKCS #12 key-certificate pair with unsupported algorithms. In this
case, the log file contains the following message.
[0x88e00011][apic-gw-service][error] apic-gw-service(default): API Connect Gateway Service caught unhandled rejection: Error: All sentinels are unreachable. Retrying from scratch after 10ms. Last error: unsupported
To resolve, create a new key-certificate pair and update the configuration of the API Connect gateway service. You can create this key-certificate pair with the DataPower crypto tool or through a third-party tool, such as OpenSSLv3. You cannot use OpenSSLv1 because the key-certificate pair contains these unsupported algorithms.