Behavioral Changes
The following information describes behavioral changes to the Oracle Communications Session Border Controller (SBC) for version S-Cz9.2.0.
Default TLS Version
When creating a tls-profile, the default tls-version is tlsv13 rather than tlsv12. See "TLS Cipher Updates" to determine which ciphers are included in the new default cipher list.
IKE Interface Precedence
Prior to S-Cz9.2.0, if you had an invalid certificate configured in ike-interface but a valid certificate in ike-config, the SBC would accept the ike-config certificate rather than the ike-interface certificate. In release S-Cz9.2.0, ike-interface attributes take precedence over ike-config attributes. Verify your certificates in ike-interface are valid to ensure that the SBC establishes IPsec tunnels properly.
HTTP Client Management
By default, the SBC stops creating TCP connections to servers configured as an http-client when it reaches 500 connections, or CPU utilization reaches 70%. The system does this to reduce the impact of these clients traffic on the overall system. You can change these values or disable this function using the httpclient-max-total-conn and httpclient-max-cpu-load parameter in the system-config.
SSH Host Key Algorithms
If you upgrade to release S-Cz9.2.0p2 or later, the SBC offers rsa-sha2-512
as
the default host key algorithm. Connecting with a client that only offers a SHA1
hash algorithm, like ssh-rsa
, is no longer supported; your SSH
client must offer a SHA2 hash algorithm. If you receive a "no matching host key type
found" error message, make sure your client supports SHA2 host key algorithms.
This changes affects only the algorithms offered by the client, not the host key of the SBC.
SSH Keys for HA
When deploying the SBC in an HA environment, the SBC adds SSH keys to the active and standby configuration to support switchovers and HDR replication.
An example of the known-host keys:
ssh-key
name 169.254.1.1
size 2048
ssh-key
name 169.254.1.2
size 2048
ssh-key
name 169.255.1.1
size 2048
ssh-key
name 169.255.1.2
size 2048
An example of the authorized-keys:
ssh-key
name backup-sbc1
type authorized-key
size 2048
ssh-key
name backup-sbc2
type authorized-key
size 2048