Bug ID 650319: pkcs11d restart due to the leakage of file descriptors with unsupported Thales client 11.5

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Mar 10, 2017
Severity: 4-Minor

Symptoms

BIG-IP is leaking file descriptors. After reaching the limit, one needs to restart pkcs11d to make it work again.

Impact

BIG-IP is leaking file descriptors and after reaching the limit one needs to restart pkcs11d to make it working again.

Conditions

1. Access to Thales netHSM changes from accepted to denied. 2. LTM uses Thales software version 11.50.

Workaround

Use the supported version combination as stated at https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/f5-thales-hsm-version-interoperability-matrix.html

Fix Information

None

Behavior Change