Bug ID 618131: Latency for Thales key population to the secondary slot after reboot

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Sep 21, 2016

Severity: 3-Major

Symptoms

It may take a significant amount of time for the Thales key to populate from the primary slot to the secondary slot after a reboot. The latency can be a few minutes.

Impact

The key can't be found at secondary slot and the ssl traffic may fail.

Conditions

This occurs for Thales netHSM installed on Chassis.

Workaround

If SSL handshakes fail on secondary blades for newly created Thales keys, you may check secondary blades with nfkminfo -l to see if the file is there. If not the file can be synchronized with rfs-sync --U.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips