➢ P.S. I wonder if it's feasible to have a configuration parameter that would
allow me to tell the TLS code to invoke RAND_add_ex() before generating session
keys?
At this point, you might as well just change the code to use getrandom() and
pass it through.
Either you accept that NIST SP 90A is right, or you just bypass it completely.
We’re in the first camp. But it’s open source, do what fits your needs.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
