Changed in 10.6.0
IBM® DataPower® Gateway 10.6.0 introduces the following value and behavioral changes.
Library upgrade to support TLS
10.6.0.0 includes an updated library to support TLS and cryptographic operations. The updated crypto library improves security and usability, but the added complexity of this implementation comes with a performance cost. This update is needed to maintain the proper security posture, which includes CVE updates.
Value changes
Since the 10.5.4 release and the previous long-term support (LTS) release, the following changes apply to values. These changes apply to 10.5.0.11 or later fix packs.
Function area | What changed | Previous | Current |
---|---|---|---|
Password aliases | 10.6.0.0 - Maximum character length of plaintext and encrypted password | 127 | 512 |
GitOps templates | 10.6.0.0 - Label text | | |
Behavioral changes
- Default TLS server profile to secure connections from clients
- 10.6.0.0 - The default TLS server profile that secures connections from clients to any management interface supports only TLS 1.2 and TLS 1.3 and the following cipher suites in preference order.
  - AES_256_GCM_SHA384
  - CHACHA20_POLY1305_SHA256
  - ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  - ECDHE_RSA_WITH_AES_256_GCM_SHA384
Instead of using the built-in TLS server profile that uses a DataPower self-signed certificate, use a custom TLS server profile or TLS SNI server profile to secure connections from clients. For more information, see Custom TLS profile for management access.
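The following pre-upgrade check is an added example, not IBM code: it tests an inventory of management clients against the protocol versions and cipher suites listed above and reports which clients would no longer connect. The client inventory is constructed, and the negotiation model (highest shared version, then server preference, with the TLS 1.2 suite matching the server certificate key type passed as `cert_key`) is an assumption, as are all function names.

```python
# Added example, not IBM code. Suite names and versions are from the page;
# the negotiation model and the client inventory are assumptions.
PROFILE = [  # (suite, protocol it belongs to), in the page's preference order
    ("AES_256_GCM_SHA384", "TLSv1.3"),
    ("CHACHA20_POLY1305_SHA256", "TLSv1.3"),
    ("ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"),
    ("ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"),
]
OPENSSL_NAMES = {  # OpenSSL spellings of the two TLS 1.2 suites
    "ECDHE-ECDSA-AES256-GCM-SHA384": "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384": "ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def normalize(name):
    """Map IANA (TLS_ prefix) and OpenSSL spellings to the page's spelling."""
    name = OPENSSL_NAMES.get(name.strip(), name.strip())
    return name[4:] if name.startswith("TLS_") else name

def check_client(versions, suites, cert_key):
    """Return (ok, detail) for one client; cert_key is 'RSA' or 'ECDSA'."""
    shared = [v for v in ("TLSv1.3", "TLSv1.2") if v in versions]
    if not shared:
        return False, "no shared protocol version"
    offered = {normalize(s) for s in suites}
    for suite, proto in PROFILE:  # server preference decides, not client order
        if proto != shared[0] or suite not in offered:
            continue
        # TLS 1.2 suites name the signature type the certificate must provide.
        if proto == "TLSv1.2" and f"ECDHE_{cert_key}_" not in suite:
            continue
        return True, f"{proto} {suite}"
    return False, f"no shared cipher suite for {shared[0]}"

# Constructed inventory: client name -> (offered versions, offered suites)
CLIENTS = {
    "modern-cli": (["TLSv1.2", "TLSv1.3"],
                   ["TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384"]),
    "legacy-monitor": (["TLSv1.0", "TLSv1.1"], ["AES256-SHA"]),
    "tls12-script": (["TLSv1.2"], ["ECDHE-RSA-AES128-GCM-SHA256",
                                   "ECDHE-RSA-AES256-GCM-SHA384"]),
    "aes128-only": (["TLSv1.2"], ["ECDHE-RSA-AES128-GCM-SHA256"]),
}

def audit(cert_key):
    return {n: check_client(v, s, cert_key) for n, (v, s) in CLIENTS.items()}

if __name__ == "__main__":
    for name, (ok, detail) in audit("RSA").items():  # key type assumed
        print(f"{name:15} {'OK  ' if ok else 'FAIL'} {detail}")
```

Replace `CLIENTS` with the versions and suites that your own automation, monitoring and browser clients actually offer before you rely on the result.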