Bug ID 422241: Thales without OCS protected slot

Last Modified: Oct 10, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: May 30, 2013
Severity: 2-Critical

Symptoms

The pkcs11d daemon is unable to initialize the pkcs11 session with the hardware security modules (HSM), if only the module slot exists. The pkcs11d daemon expects an Operator Card Set (OCS)-protected slot to always exist.

Impact

pkcs11d daemon is unable to initialize the session with the HSM and keeps restarting due to failed initialization.

Conditions

Configuring only module-protected slots and disabling OCS protected slot.

Workaround

Enable an OCS protected slot.

Fix Information

The system now supports Thales without an Operator Card Set (OCS)-protected slot.

Behavior Change