Bug ID 2313429: keymgmtd Memory Growth With Debug Logging And Dynamic CRL Validation

Last Modified: Jun 19, 2026

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.1.3.1, 17.1.3.2, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 17.5.1.6, 21.0.0, 21.0.0.1

Opened: Jun 03, 2026

Severity: 3-Major

Symptoms

When debug logging is enabled for the key management daemon, memory usage for the keymgmtd process grows continuously while client certificate authentication with dynamic CRL validation is active. Memory does not recover while the system is running

Impact

The key management process memory grows proportionally to the connection rate while debug logging is active. Under sustained traffic, this can degrade system performance

Conditions

device config only, no code: - A Client SSL profile is configured with a client certificate authentication (peer-cert-mode require) and a dynamic CRL cert-validator with strict-revocation-check enabled, assigned to a virtual server - The log level for keymgmtd is set to debug: tmsh modify sys db log.keymgmtd.level value debug - Client certificate traffic is active through the virtual server

Workaround

- Set the keymgmtd log level back to the default: tmsh modify sys db log.keymgmtd.level value info - This stops memory growth without requiring a restart

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips