1. Release Notes
  2. Caveats, Known Issues, and Limitations
  3. Caveats in ECB 4.0.0

Caveats in ECB 4.0.0

The following items describe caveats in the ECB 4.0.0 release.

LDAP SNMP Trap Support

LDAP SNMP traps are not supported in P-CZ 4.0.0. ECB 4.0.0 does not generate any LDAP failures for the following OID failures:
  • 1.3.6.1.4.1.9148.2.1.8.9 apSmgmtLDAPCap
  • 1.3.6.1.4.1.9148.3.2.1.6 apSysMgmtMIBLDAPServerStatusObjects
  • 1.3.6.1.4.1.9148.3.2.1.6.1 apLDAPServerStatusTable
  • 1.3.6.1.4.1.9148.3.2.1.6.1.1 apLDAPServerStatusEntry
  • 1.3.6.1.4.1.9148.3.2.1.6.1.1.1 apLDAPConfigName
  • 1.3.6.1.4.1.9148.3.2.1.6.1.1.2 apLDAPServerIpAddress
  • 1.3.6.1.4.1.9148.3.2.1.6.1.1.3 apLDAPServerStatus
  • 1.3.6.1.4.1.9148.3.2.4.2.10 apSysMgmtLDAPServerStatusGroup
  • 1.3.6.1.4.1.9148.3.2.4.3.15 apSysMgmtLDAPServerStatusNotificationsGroup

HA Limitation

HA switchover causes TCP/TLS ports to be reset. This terminates the TCP/TLS calls that were in progress on the formerly active OECB. New call setup over TCP/TLS, however, is successful.

Logging Limitation

Setting Logging to DEBUG simultaneously with greater than 300k configuration degrades system performance. Be sure to set Logging to WARNING or NOTICE under this condition, and only use DEBUG when absolutely required.

LDAP Support

Only the default "ecb" network can support LDAP. Additional networks cannot.

Registrar Support

Only the default "ecb" network can act as the registrar. Additional networks cannot.

ECB Sync Compatibility

ECB SYNC is supported only between nodes with the same configuration platforms. For example, X3 to X3, X5 to X5, VM to VM are supported.

Deprecated Ciphers

The system deprecates the following ciphers, adhering to recent OpenSSL changes intended to eliminate weak ciphers:
  • All DES-CBC ciphers, including:
    • TLS_DHE_RSA_WITH_DES_CBC_SHA
    • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
Oracle recommends that you remove any prior version configuration that uses these ciphers, and that you do not configure a security profile with the expectation that these ciphers are available. Note also that TLS profiles using the ALL (default) value for the cipher-list parameter no longer use these ciphers.

Note:

The ACLI may still display these ciphers when you run cipher-list ?, but the system does not support them.