Changed in 10.6.0

IBM® DataPower® Gateway 10.6.0 introduces the following value and behavioral changes.

Library upgrade to support TLS

10.6.0.0 includes an updated library to support TLS and cryptographic operations. The updated crypto library improves security and usability, but the added complexity of this implementation comes with a performance cost. This update is needed to maintain the proper security posture, which includes CVE updates.

Value changes

Since the 10.5.4 release and the previous long-term support (LTS) release, the following changes apply to values. These changes apply to 10.5.0.11 or later fix packs.

Table 1. Value changes in 10.6.0
Function area | What changed | Previous | Current
Password aliases | 10.6.0.0 - Maximum character length of plaintext and encrypted password | 127 | 512
GitOps templates | 10.6.0.0 - Label text | Value; Inverse value | Read value; Write value

Behavioral changes

Since the 10.5.4 release and the previous long-term support (LTS) release, the following changes apply to behavior. These changes apply to 10.5.0.11 or later fix packs.
Default TLS server profile to secure connections from clients
10.6.0.0 - The default TLS server profile that secures connections from clients to any management interface supports only TLS 1.2 and TLS 1.3 and the following cipher suites in preference order.
AES_256_GCM_SHA384
CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ECDHE_RSA_WITH_AES_256_GCM_SHA384

Instead of using the built-in TLS server profile that uses a DataPower self-signed certificate, use a custom TLS server profile or TLS SNI server profile to secure connections from clients. For more information, see Custom TLS profile for management access.
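
To check whether an existing management client can still connect to the default TLS server profile described above, the following added example (not IBM code) models the selection in preference order. The OpenSSL spellings, the protocol and key-type columns, the `server_key` parameter, and the negotiation model are assumptions of this example.

```python
import ssl

# Preference order from the 10.6.0.0 note: (name on this page, protocol,
# OpenSSL spelling, certificate key type the suite requires or None).
# The protocol, OpenSSL and key-type columns are added for this example.
SERVER_PREFERENCE = [
    ("AES_256_GCM_SHA384", "TLSv1.3", "TLS_AES_256_GCM_SHA384", None),
    ("CHACHA20_POLY1305_SHA256", "TLSv1.3", "TLS_CHACHA20_POLY1305_SHA256", None),
    ("ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2", "ECDHE-ECDSA-AES256-GCM-SHA384", "ecdsa"),
    ("ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384", "rsa"),
]


def negotiate(client_versions, client_suites, server_key="rsa"):
    """Return (version, suite) the profile would select, or None on handshake failure.

    Simplified model (assumption): the highest common protocol version is fixed
    first, then the first server-preferred suite of that version that the client
    offers wins; TLS 1.2 suites also need a server key of the matching type.
    """
    common = [v for v in ("TLSv1.3", "TLSv1.2") if v in client_versions]
    if not common:
        return None  # client speaks only TLS 1.1 or older
    for name, proto, openssl_name, key_type in SERVER_PREFERENCE:
        if proto != common[0] or openssl_name not in client_suites:
            continue
        if key_type is not None and key_type != server_key:
            continue
        return common[0], name
    return None  # no shared cipher suite for the chosen version


def local_client_offer(ctx=None):
    """Versions and OpenSSL suite names this Python's TLS client would offer."""
    ctx = ctx or ssl.create_default_context()
    hi = ctx.maximum_version
    versions = set()
    for label, ver in (("TLSv1.2", ssl.TLSVersion.TLSv1_2), ("TLSv1.3", ssl.TLSVersion.TLSv1_3)):
        if ctx.minimum_version <= ver and (hi == ssl.TLSVersion.MAXIMUM_SUPPORTED or ver <= hi):
            versions.add(label)
    return versions, {c["name"] for c in ctx.get_ciphers()}


if __name__ == "__main__":
    print("this client:", negotiate(*local_client_offer()))
```

A `None` result marks a client that needs its TLS settings updated before it can reach a management interface that uses this profile.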