Introduction
Ivanti Connect Secure (ICS) is a next-generation secure access product that offers fast and secure connections between remote users and their organization’s wider network. Ivanti Connect Secure modernizes VPN deployments and is loaded with features such as a new end-user experience, increased overall throughput and simplified appliance management.
Noteworthy Information
To enable TLS 1.3 functionality, ensure that the enable_tls_v1_3 key-value pair is configured and pushed to the ISAC mobile client (Android/iOS) from the MDM server.
Key-Value Pair Setting
•Configuration Key: enable_tls_v1_3
•Value Type: Boolean
•Configuration Value: true
•ICS License Server cannot lease licenses to License Clients running versions 22.7Rx, 22.8Rx, or 25.1.x.x. See the forum.
•Certificate-based authentication will not work after upgrading to 25.1.0.0 if the client uses SHA-1 based certificates.
•SSLv3, TLS 1.0 and TLS 1.1 are removed, and additional cipher changes are implemented as part of this release. For more information, see Configuring SSL Options.
•Use of SHA1 for digital signatures is not supported; use SHA2 and above:
•SHA2 is the minimum required version in digital signatures. The ICS server will no longer connect or validate with SHA1 in digital signatures.
•Enable SHA2 as the response signature algorithm for OCSP responses on the OCSP responder.
•If the ICS contains only SHA1 device signed certificates, the user interface fails to launch. At least one SHA2 signed certificate, or one signed with any newer version after SHA1, is mandatory.
•Certificate Validation: HTTP/1.1 Enforcement for OCSP Requests. Starting with version 25.1.0.0, the certificate validation process explicitly enforces the use of HTTP/1.1 for Online Certificate Status Protocol (OCSP) requests. This ensures consistent and reliable communication during certificate status checks. For more information, refer to the KB.
•Cluster upgrade is not supported from 22.8R2 to 25.1.0.0. To upgrade, break the cluster, upgrade and then create the cluster again. For more information, see Cluster Migration from 22.8Rx to 25.x.
•For RSA Authentication to work, add the agent's host name in RSA Auth Manager and configure it in ICS. Ensure the RSA/ACE server has a host entry in ICS.
•In this release, the /api/v1/healthcheck REST API response has been updated to return content as bytes, which aligns with the default behavior of many web frameworks and libraries when handling API responses. Previously, the response was returned as a string. This change could impact systems or integrations assuming the response would always be a string.
•Upgrade or Binary Import is not supported if SHA-1 certificates are configured on any ICS ports.
•Configs with deprecated features will be upgraded or imported to 25.x but will not be qualified. Refer to the KB for more details.
•The arping command no longer resolves hostnames. The command now requires a direct IP address as input. Attempts to use hostnames will result in an error.
Example error: Bad Value for ai_flags. Don’t use a hostname with arping.
•The ARP Maintenance > Troubleshooting > Tools > Commands > ARP option no longer supports hostnames as input. You must now specify a direct IP address when using this command. Attempts to use hostnames will result in the following error.
Example error: Bad Value for ai_flags. Don’t use a hostname with arping.
Unsupported Features
•For Ivanti Connect Secure features and options becoming unsupported or deprecated in 22.7Rx, 22.8Rx, and 25.x, refer to the article.
Known Limitations
•Cluster Node Name Restriction: Cluster node names should not be configured as "localhost2". Using "localhost2" as a node name is not supported and may result in unexpected behavior.
•Per-app VPN on iOS in version 25.1.0: Occasionally, ICS does not fulfill certain requests, resulting in partial functionality for this use case. It is planned to resolve this issue in the upcoming 25.1.1.0 release.