Bug ID 740957: 'fips_get_key_attr(): mod_err = 0xa9' message seen in /var/log/ltm

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Opened: Aug 17, 2018

Severity: 4-Minor


When a newly created FIPS key with long name (greater than 32 characters) gets synced over an FIPS high availability (HA) setup, the daemon.log shows that the name gets truncated: key_label '/Common/testtmsh.with.long.name.and.config.sync.ran.with.TMSH.version1' exceed max len of 32, truncating to 'nfig.sync.ran.with.TMSH.version1). And the ltm log shows the following message: fips_get_key_attr(): mod_err = 0xa9.


The newly created FIPS key's name gets truncated to 32 characters. The truncated FIPS key is config-sync'd to the peer system, however, so there is no other impact.


The issue is intermittent. -- HA setup with FIPS. -- Perform a config sync operation after creating FIPS keys with names longer than 32 characters.


There is no workaround, limit FIPS key names to 32 characters or fewer to prevent truncating.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips