Learn about new features, enhancements, known issues, resolved issues, and other important details for Rackspace Cloud Load Balancers API 1.0 service in the following release note information.
For information about using the API, see the documentation overview.
Added search by name capability to list loadbalancers call
Resolved improper filtering on source address calls
New retrievable objects added, Cluster Source Addresses and Regional Source Addresses
Resolved bug leaving load balancer objects after deletion
Ensures HTTP2 is explicitly enabled for valid load balancers
Resolved bug allowing SSL termination to be set on a TCP_CLIENT_FIRST protocol
Create metadata request only accepts correct root tags mentioned in docs
Improved data security
Fixed undesirable behavior for x_forwarded_proto
Made domain validation more resilient
General API improvements
Resolved bug when retrieving SSLTermination for load balancer
Resolved bug leaving load balancer objects after deletion of load balancer
vTM REST API updated to v7.0 with backwards compatibility for v3.4
Resolved node weight mapping inconsistencies
Resolved bug retrieving AccessList XML
Resolved bug in CONNECT HealthMonitor validation
Resolved bug in ConnectionLogging protocol validation
Resolved performance-related bug in the handling and detection of deadlock rollbacks
Resolved bug when retrieving stats for heavy usage load balancers
Resolved bug during saving alert notifications
Resolved bug in SSL termination creation with HTTPS redirect
Resolved bug when changing Load Balancer Protocol while Content Caching is enabled
Resolved validation failure when submitting ECDSA PKCS#8 key for SSL Termination
Updated Atlas Backend Adapter to a more fault tolerant interface
Health Monitor body regex is no longer required
Fixed: Health Monitor validation not properly validating between POST and PUT contexts
Fixed: Show account-level usage API should display only the preceding 24 hours of usage if neither the startTime parameter nor the endTime parameter is supplied.
Fixed: When the load balancer is changed to a non-HTTP protocol, the default error page is not being restored.
Fixed: Fix the pagination issue for the “List node service events” API
Added Transaction Security Layer (TSL) 1.1 to the
securityProtocolsobject for the Update SSL termination configuration operation to disable Transaction Security Layer (TSL) 1.1.
Fixed: Toggling Secure Sockets Layer (SSL) termination breaks Server Name Indication (SNI) mappings
Fixed: SSL termination storing bad data after removal
Fixed: Broken usage pagination links
Fixed: HTTPS passthrough allows custom errorpage
Fixed: Inconsistency in CONNECT monitor User Datagram Protocol (UDP) validation
Fixed: UDP Load balancers should not be able to enable logging
Upgraded application support for Java version 1.8
Support TLS 1.2, SSL3.0, and various ciphers
Improved timestamp formatting on API responses
Resolved offset parsing errors and dates without time errors
Fixed setting an invalid value for boolean fields returning an incorrect response
Fixed custom error page that didn’t work with invalid characters(‘:’)
Feature: Cipher profile support
Load balancers with SSL termination are now assigned a cipher profile to control the set of ciphers enabled for secure communication between clients and the load balancer.
By default, load balancers are assigned a cipher profile named
defaultwhich is managed by Rackspace and updated from time to time to disable ciphers that have become insecure. For this reason, use of the
defaultcipher profile is recommended.
Other profiles are added and managed by Rackspace. As security concerns change, new cipher profiles may be added. Included with this release is the availability of the
CLBCipherPolicy2017-08cipher profile which currently matches the
defaultprofile with the exception of disabling the
SSL_RSA_WITH_3DES_EDE_CBC_SHAcipher. Rackspace security experts have determined the aforementioned cipher is still secure for use with Cloud Load Balancers due to maximum lifetime of requests but due to being downgraded from a “high” to “medium” strength cipher will be removed from the
defaultprofile in the near future. However, if you would like to disable it now you can leverage this new feature and the
CLBCipherPolicy2017-08profile to have it disabled on your load balancers immediately.
You can find the latest list of available cipher profiles and the ciphers they enable in the Ciphers section.
Feature: List enabled ciphers
For load balancers with SSL termination enabled you can use the API to retrieve the list of ciphers enabled. See List ciphers.
Resolved several API validation and logging issues.
Fixed a bug that caused an incorrect status to be returned for nodes under certain circumstances when the nodes were added while the condition was DRAINING.
securityProtocols object to the Update SSL termination
configuration operation to disable
Transaction Security Layer (TSL) 1.0.
Updates to provisioning algorithms to improve performance.
Relaxed TLS Certificate validation (expiration date and cert-chain ordering are no longer validated).
A certificate mappings feature was added for SSL-terminated load balancers.
SSL session ID persistence was added for HTTPS and SSL pass-through load balancers.
You can now use source IP session persistence on HTTP load balancers.
A private key is no longer returned for SSL termination.
Fixed bug in which real-time stats API call was returning the wrong usage for current connections (SSL).
Deprecated all connection throttling attributes except for the
maxConnectionsattribute. For details, see Throttle connections.
Implemented minor bug fixes.
Resolved some issues that could cause load balancers to go to an ERROR state when a custom error page was updated.
currentConn field has been added to the statistics operation for
better connection tracking. This field shows the number of simultaneous
connections that are active at the time of the request.
Updated the statistics operation to properly track SSL virtual servers.
Fixed a bug that caused an ERROR state when certain attributes of a load balancer with HTTPS Redirect enabled were modified.
Fixed an issue that caused a load balancer to go into an ERROR state if error pages were deleted and then SSL termination was subsequently enabled.
Fixed a concurrency issue that did not allow the deletion of nodes on a load balancer.
Fixed an issue that caused load balancers created before the 1.19.32 release to go into an ERROR state when the connection throttle was updated.