1. Release Notes
  2. Introduction to S-Cz9.2.0
  3. Behavioral Changes

Behavioral Changes

The following information describes behavioral changes to the Oracle® Enterprise Session Border Controller (ESBC) for version S-Cz9.2.0.

Default TLS Version

When creating a tls-profile, the default tls-version is tlsv13 rather than tlsv12. See "TLS Cipher Updates" to determine which ciphers are included in the new default cipher list.

IKE Interface Precedence

Prior to S-Cz9.2.0, if you had an invalid certificate configured in ike-interface but a valid certificate in ike-config, the ESBC would accept the ike-config certificate rather than the ike-interface certificate. In release S-Cz9.2.0, ike-interface attributes take precedence over ike-config attributes. Verify your certificates in ike-interface are valid to ensure that the ESBC establishes IPsec tunnels properly.

HTTP Client Management

By default, the ESBC stops creating TCP connections to servers configured as an http-client when it reaches 500 connections, or CPU utilization reaches 70%. The system does this to reduce the impact of these clients traffic on the overall system. You can change these values or disable this function using the httpclient-max-total-conn and httpclient-max-cpu-load parameter in the system-config.

SSH Host Key Algorithms

If you upgrade to release S-Cz9.2.0p2 or later, the ESBC offers rsa-sha2-512 as the default host key algorithm. Connecting with a client that only offers a SHA1 hash algorithm, like ssh-rsa, is no longer supported; your SSH client must offer a SHA2 hash algorithm. If you receive a "no matching host key type found" error message, make sure your client supports SHA2 host key algorithms.

This changes affects only the algorithms offered by the client, not the host key of the ESBC.

SSH Keys for HA

When deploying the ESBC in an HA environment, the ESBC adds SSH keys to the active and standby configuration to support switchovers and HDR replication.

An example of the known-host keys:

ssh-key
        name                                    169.254.1.1
        size                                    2048
ssh-key
        name                                    169.254.1.2
        size                                    2048
ssh-key
        name                                    169.255.1.1
        size                                    2048
ssh-key
        name                                    169.255.1.2
        size                                    2048

An example of the authorized-keys:

ssh-key
        name                                    backup-sbc1
        type                                    authorized-key
        size                                    2048
ssh-key
        name                                    backup-sbc2
        type                                    authorized-key
        size                                    2048