New features and enhancements

This guide documents the following new features and enhancements:

• ECDSA X.509 certificates must now be formatted with named curves in all modes: In Federal Information Processing Standards (FIPS) and Common Criteria Mode, only secp256r1 (NIST P-256), secp384r1 (NIST P-384), or secP521r1 (NIST P-521) are allowed. With this release, explicitly-defined Elliptic Curve Digital Signature Algorithm (ECDSA) curves certificates cannot be used to represent local certificate authority (CA) certificates. For more information about supported cypher suites, see Advanced: Incoming SSL Configuration or Advanced: Outgoing SSL Configuration.

• Certificate pinning options now available from Certificate Mgmt page: You can now enable certificate pinning for in-app registration of iOS and Android devices from the System Manager > Security > Certificate Mgmt page. There, you can add certificates, generate a pinning request, and upload your pinning statement. For information about enabling and configuring certificate pinning, see Certificate pinning for registered devices.