Bug ID 468790: Inconsistent SafeNet key deletion in BIG-IP and Safenet HSM

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1

Fixed In:
12.0.0, 11.6.1 HF1

Opened: Jun 24, 2014
Severity: 3-Major

Symptoms

Under some conditions, when deleting a SafeNet key, the key is deleted from HSM but not from the BIG-IP system.

Impact

If this clientSSL profile is currently used by a virtual server, then SSL connection to this virtual server fails since the key is not in HSM.

Conditions

This issue happens when the BIG-IP system satisfies the following conditions: 1. A SafeNet-generated key is in use by a clientSSL profile. 2. Safenet HSM is installed.

Workaround

1. Remove the key/cert from the clientSSL profile, so that they become 'not in use'. 2. Delete the not-in-use key/cert from the BIG-IP system. 2. Configure another key/cert in the clientSSL profile.

Fix Information

In this release, when deleting a SafeNet key, the key is deleted from HSM as well as from the BIG-IP system

Behavior Change