Bug ID 439490: System does not reconnect to SafeNet HSM if connection is interrupted

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.2 HF1

Fixed In:
11.6.0, 11.5.1 HF6

Opened: Dec 03, 2013

Severity: 3-Major

Related Article: K15306

Symptoms

The BIG-IP system does not reconnect to SafeNet HSM if the connection is interrupted. That means that SSL connections that utilize a key stored on the network HSM fail.

Impact

When this occurs, the system experiences traffic interruptions for SSL connections that utilize a key stored on the network HSM until manual corrective action is taken.

Conditions

This occurs when the BIG-IP system is configured to use a SafeNet network HSM and the connection between the BIG-IP system and the network HSM is interrupted.

Workaround

To work around this issue, restart the pkcs11d process using the command 'tmsh restart sys service pkcs11d'.

Fix Information

The BIG-IP system now reconnects to SafeNet HSM if the connection is interrupted, so connections continue as expected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips