Learn about new features, enhancements, known issues, resolved issues, and other important details for Rackspace Cloud Load Balancers API 1.0 service in the following release note information.
For information about using the API, see the documentation overview.
- Feature: Cipher profile support
- Load balancers with SSL termination are now assigned a cipher profile to control the set of ciphers enabled for secure communication between clients and the load balancer.
- By default, load balancers are assigned a cipher profile named
defaultwhich is managed by Rackspace and updated from time to time to disable ciphers that have become insecure. For this reason, use of the
defaultcipher profile is recommended.
- Other profiles are added and managed by Rackspace. As security concerns change, new cipher profiles may be added.
Included with this release is the availability of the
CLBCipherPolicy2017-08cipher profile which currently matches the
defaultprofile with the exception of disabling the
SSL_RSA_WITH_3DES_EDE_CBC_SHAcipher. Rackspace security experts have determined the aforementioned cipher is still secure for use with Cloud Load Balancers due to maximum lifetime of requests but due to being downgraded from a "high" to "medium" strength cipher will be removed from the
defaultprofile in the near future. However, if you would like to disable it now you can leverage this new feature and the
CLBCipherPolicy2017-08profile to have it disabled on your load balancers immediately.
- You can find the latest list of available cipher profiles and the ciphers they enable in the Ciphers section.
- Feature: List enabled ciphers
- For load balancers with SSL termination enabled you can use the API to retrieve the list of ciphers enabled. See List ciphers.
- Resolved several API validation and logging issues.
Fixed a bug that caused an incorrect status to be returned for nodes under certain circumstances when the nodes were added while the condition was DRAINING.
securityProtocols object to the Update SSL termination
configuration operation to disable
Transaction Security Layer (TSL) 1.0.
None for this release.
- Updates to provisioning algorithms to improve performance.
- Relaxed TLS Certificate validation (expiration date and cert-chain ordering are no longer validated).
None for this release.
- A certificate mappings feature was added for SSL-terminated load balancers.
- SSL session ID persistence was added for HTTPS and SSL pass-through load balancers.
- You can now use source IP session persistence on HTTP load balancers.
- A private key is no longer returned for SSL termination.
Fixed bug in which real-time stats API call was returning the wrong usage for current connections (SSL).
- Deprecated all connection throttling attributes except for the
maxConnectionsattribute. For details, see Throttle connections.
- Implemented minor bug fixes.
Resolved some issues that could cause load balancers to go to an ERROR state when a custom error page was updated.
currentConn field has been added to the statistics operation for
better connection tracking. This field shows the number of simultaneous
connections that are active at the time of the request.
- Updated the statistics operation to properly track SSL virtual servers.
- Fixed a bug that caused an ERROR state when certain attributes of a load balancer with HTTPS Redirect enabled were modified.
- Fixed an issue that caused a load balancer to go into an ERROR state if error pages were deleted and then SSL termination was subsequently enabled.
- Fixed a concurrency issue that did not allow the deletion of nodes on a load balancer.
- Fixed an issue that caused load balancers created before the 1.19.32 release to go into an ERROR state when the connection throttle was updated.