Bug ID 439540: Connection to a Self IP to network HSM may not be established after the BIG-IP system reboots.

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5

Fixed In:
11.6.0, 11.5.1 HF6

Opened: Dec 03, 2013
Severity: 3-Major
Related AskF5 Article:
K16063

Symptoms

SSL connections or DNSSEC operations that utilize a key stored on the network HSM may fail.

Impact

Traffic interruptions for SSL connections or DNSSEC operations that utilize a key stored on the network HSM until manual corrective action is taken.

Conditions

The BIG-IP system is configured to use a network HSM. The BIG-IP system connects to the network HSM using a Self IP address. The BIG-IP system is rebooted or all of the BIG-IP services are restarted.

Workaround

Restart the pkcs11d process. The command is "tmsh restart sys service pkcs11d".

Fix Information

To fix this issue, restart the pkcs11d process. The command is "tmsh restart sys service pkcs11d".

Behavior Change