CloudHSM: SDK v5 Failover Issue

We have the following configurations in our testing environment:

2 HSMs in the CloudHSM cluster
2 EC2 instances installed with SDK v5 and PKCS11 application
EC2#1 is connected to HSM#1 and EC2#2 is connected to HSM#2

Both PKCS#11 apps in EC2#1 and EC2#2 are running as normal initially. However, when one of HSM is removed from the cluster, we are starting to see errors in both EC2 instances. During the errors occurred, there is stilll one active HSM in the cluster. The same errors are shown in both EC2 instances: java.io.IOException: PKCS11Exception: CKR_DATA_LEN_RANGE

Anyone has any idea why SDK v5 fails in this case?

Thank you.

Topics

Security, Identity, & Compliance

Relevant content

CloudHSM SDK 5 ECDH Key Agreement
gcadien
asked 3 months ago
Aws cloudhsm pkcs11
rePost-User-0114260
asked a year ago
7 tests fail when running AWS test suite for CloudHSM pkcs11 on SDK 5
Accepted Answer
wwinogrodzki
asked 5 months ago
Can't install latest cloudhsm-client alongside cloudhsm-pkcs11 or cloudhsm-cli
rePost-User-8815139
asked a year ago
How can I resolve connection issues between the CloudHSM client and the CloudHSM cluster?
AWS OFFICIALUpdated 5 months ago
How can I share CloudHSM clusters with other AWS accounts?
AWS OFFICIALUpdated 2 years ago
I want to stop using the CloudHSM Classic service
AWS OFFICIALUpdated 3 years ago
How can I patch OpenSSL to enable use with the CloudHSM CKM_RSA_AES_KEY_WRAP mechanism?
AWS OFFICIALUpdated 3 months ago
Connect and Publish to AWS IoT Core using the AWS SDK for .NET
EXPERT
Kai Dickman
published 6 months ago
EMR Cluster failure with "On the master instance, application provisioning failed"
SUPPORT ENGINEER
Yokesh NK
published 7 days ago