Operational Defect Database
BugZero found this defect 158 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1429897
NShield netHSM : Creating new nShield key does not commit this key to an external RFS with nShield 12.60
Last update date:
5/16/2024
Affected products:
BIG-IP
BIG-IP LTM
Affected releases:
16.1.0
16.1.1
16.1.2
16.1.2.1
16.1.2.2
16.1.3
16.1.3.1
16.1.3.2
16.1.3.3
16.1.3.4
16.1.3.5
16.1.4
Fixed releases:
No fixed releases provided.
Description:
Bug ID 1429897: NShield netHSM : Creating new nShield key does not commit this key to an external RFS with nShield 12.60 ... Last Modified: May 16, 2024 ... Severity: 3-Major ... Symptoms ... With nShield software v12.60 when creating a new nShield key on BIG-IP which is a client of an external RFS the new key is not automatically uploaded to RFS. ... It works fine with nShield software v12.40 and new keys are committed to RFS without 'rfs-sync -c'. ... If we generate a new HSM key with fipskey.nethsm (a wrapper for /opt/nfast/bin/generatekey) the key is committed to RFS. ... Impact ... Upgrading to higher versions of BIG-IP software will cause issues due to the usage of nshield v12.60 in them. ... Conditions ... --> Configure BIG-IP with an external HSM. Use nShield software v12.60.x. --> Create a new nethsm key using TMSH or WebUI.
