Bug ID 581660: After restarting pkcs11d, Thales connection may fail with 'cannot locate key'.

Last Modified: Dec 20, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Opened: Mar 18, 2016
Severity: 2-Critical

Symptoms

netHSM connection may fail with a message 'cannot locate key'. This only affects Thales users. SafeNet users are not affected by this issue.

Impact

SSL handshake failure with a message similar to the following: SSL Handshake failed for TCP 10.10.0.1:59513 -> 10.10.1.150:20001.

Conditions

This may happen after restarting pkcs11d without starting tmm immediately after.

Workaround

For Thales, always restart tmm after restarting pkcs11d. To do so, run the following commands: bigstart restart pkcs11d bigstart restart tmm

Fix Information

None

Behavior Change