Bug ID 740957: 'fips_get_key_attr(): mod_err = 0xa9' message seen in /var/log/ltm

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Opened: Aug 17, 2018
Severity: 4-Minor


When a newly created FIPS key with long name (greater than 32 characters) gets synced over an FIPS high availability (HA) setup, the daemon.log shows that the name gets truncated: key_label '/Common/testtmsh.with.long.name.and.config.sync.ran.with.TMSH.version1' exceed max len of 32, truncating to 'nfig.sync.ran.with.TMSH.version1). And the ltm log shows the following message: fips_get_key_attr(): mod_err = 0xa9.


The newly created FIPS key's name gets truncated to 32 characters. The truncated FIPS key is config-sync'd to the peer system, however, so there is no other impact.


The issue is intermittent. -- HA setup with FIPS. -- Perform a config sync operation after creating FIPS keys with names longer than 32 characters.


There is no workaround, limit FIPS key names to 32 characters or fewer to prevent truncating.

Fix Information


Behavior Change