Bug ID 509284: Improved reliability of a module interfacing with HSM

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP GTM, LTM, TMOS, vCMP, VE(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8

Fixed In:
12.0.0, 11.6.1

Opened: Feb 25, 2015
Severity: 2-Critical

Symptoms

Assuming that tmm has crashed and auto-restarted, traffic may stop for profiles with HSM keys.

Impact

Encrypted traffic will not be processed, even after daemons restart.

Conditions

This can occur when using HSM keys, and TMM crashes.

Workaround

Restart TMM, e.g. with 'bigstart restart tmm pkcs11d'

Fix Information

Fixed a race condition that may prevent proper initialization of an inter-process communication between TMM and pkcs11d.

Behavior Change