➢ P.S. I wonder if it's feasible to have a configuration parameter that would 
allow me to tell the TLS code to invoke RAND_add_ex() before generating session 
keys?
    
At this point, you might as well just change the code to use getrandom() and 
pass it through.

 Either you accept that NIST SP 90A is right, or you just bypass it completely. 
 We’re in the first camp.  But it’s open source, do what fits your needs.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to