Bug ID 898733: SSL handshakes fail on secondary blades for Thales keys created with fipskey.nethsm after upgrade to 14.1.x and re-import of the keys from HSM

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4

Opened: Apr 14, 2020

Severity: 3-Major

Symptoms

SSL handshakes intermittently fail for virtual servers using HSM keys. In /var/log/ltm you see errors such as:

err pkcs11d[6575]: 01680002:3: Key table lookup failed. error.

Impact

SSL handshakes that arrive on the secondary blade(s) fail. Handshakes arriving on the primary blade work fine.

Conditions

1. Keys were created on earlier versions of BIG-IP software with the fipskey.nethsm wrapper, and the device was upgraded to 14.1.0 or later.
2. Keys were created on BIG-IP v14.1.0 or later directly, using the fipskey.nethsm wrapper.
3. The platform is a multi-bladed Viprion.

This can occur after applying the workaround for ID758491: https://cdn.f5.com/product/bugtracker/ID758491.html

Workaround

Re-install the Thales client after the upgrade.

Fix Information

None

Behavior Change
