Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Opened: Aug 17, 2018 Severity: 4-Minor
When a newly created FIPS key with long name (greater than 32 characters) gets synced over an FIPS high availability (HA) setup, the daemon.log shows that the name gets truncated: key_label '/Common/testtmsh.with.long.name.and.config.sync.ran.with.TMSH.version1' exceed max len of 32, truncating to 'nfig.sync.ran.with.TMSH.version1). And the ltm log shows the following message: fips_get_key_attr(): mod_err = 0xa9.
The newly created FIPS key's name gets truncated to 32 characters. The truncated FIPS key is config-sync'd to the peer system, however, so there is no other impact.
The issue is intermittent. -- HA setup with FIPS. -- Perform a config sync operation after creating FIPS keys with names longer than 32 characters.
There is no workaround, limit FIPS key names to 32 characters or fewer to prevent truncating.
None