Bug ID 1579533: Jitterentropy read is restricted to FIPS mode or TMM usage only, for performance reasons

Last Modified: Sep 25, 2024

Affected Product(s):
BIG-IP LTM, SSLO, TMOS (all modules)

Known Affected Versions:
16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 17.0.0, 17.0.0.1, 17.0.0.2

Opened: Apr 16, 2024

Severity: 2-Critical

Symptoms

If the jitterentropy read (entropy gathered from CPU jitter) is used in all cases, a significant performance problem is seen in most cases where BIG-IP operates in non-FIPS mode.

Impact

Very high CPU utilization is seen when BIG-IP handles traffic while in non-FIPS mode.

Conditions

The issue occurs when BIG-IP operates in non-FIPS or FIPS mode and uses jitterentropy to generate the seed.

Workaround

None

Fix Information

None

Behavior Change
