Bug ID 422241

Bug Tracker
ID 422241

Bug ID 422241: Thales without OCS protected slot

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: May 30, 2013

Severity: 2-Critical

Symptoms

The pkcs11d daemon is unable to initialize the pkcs11 session with the hardware security modules (HSM), if only the module slot exists. The pkcs11d daemon expects an Operator Card Set (OCS)-protected slot to always exist.

Impact

pkcs11d daemon is unable to initialize the session with the HSM and keeps restarting due to failed initialization.

Conditions

Configuring only module-protected slots and disabling OCS protected slot.

Workaround

Enable an OCS protected slot.

Fix Information

The system now supports Thales without an Operator Card Set (OCS)-protected slot.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips