At 23:04 on 30.01.06 Sven Hartge wrote:
> At 22:41 on 30.01.06 Florian Weimer wrote:
>> Sven Hartge:
 
>>> So, conclusion: No, the problem is not the gnutls-params file, but exim4 
>>> using nearly each and every bit of entropy for a _single_ mail.
  
>> This is expected and is quite hard to fix properly. During your tests, 
>> did Exim hang?
 
> No, it used /dev/urandom this time (which quite surprised me, since I used 
> the same packages that were installed when Exim hung using /dev/random).
 
> It seems I have a little mixup here, so I will retest the situation with 
> verified packages.

OK, with all those different packages patched and recompiled during the 
last hours, I got a little knot in my brain.

So _of course_ it used /dev/urandom with your fix, as this was the whole 
point of the patch.
 
(Forgive me for being a little slow sometimes.)

Question again: does this patch qualify for an update of the Exim4 
packages in Sarge with the next point release? 

I would even like to see a security update, since without this patch you 
can remotely block a Debian Exim mail server by opening several SSL 
connections and thus emptying the entropy pool, causing any further SSL 
transaction of Exim4 to hang, because the unpatched tls-gnu.c uses 
/dev/random for its RSA seed. (Is this summary correct?)

Regards,
Sven.

-- 
Sven Hartge -- professional Unix geek
My thoughts on the net: http://www.svenhartge.de/

Note, new mail address: [EMAIL PROTECTED]
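The failure mode the thread describes is a daemon blocking in a read() of /dev/random once the kernel's entropy estimate is exhausted, while a reader of /dev/urandom never stalls. The following probe is an added example written for this archive page; it is not code from the thread, from Exim or from Debian. It opens each device with O_NONBLOCK so that a would-block condition surfaces as EAGAIN instead of a hang, and reads the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail (assumed to exist; it is Linux-specific and the function returns None elsewhere). Caveat: on Linux 5.6 and later /dev/random no longer blocks once the pool is initialised, so on a modern kernel the probe will normally report blocked=False for both devices; the check is meaningful on kernels of the era the thread discusses, or wherever a seed source might still block.

```python
"""Probe whether a random device would block a reader (added example, not
code from the mailing-list thread or from Exim).

Exim's unpatched tls-gnu.c, per the thread, seeded from /dev/random. On the
Linux kernels of that era a read() of /dev/random blocks when the kernel's
entropy estimate is depleted, so a TLS handshake waiting on that read hangs.
/dev/urandom never blocks. Opening with O_NONBLOCK turns "would hang" into an
EAGAIN (BlockingIOError) that we can report instead of stalling.
"""
import os

# Linux-specific; assumed path, absent on other systems.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def entropy_estimate():
    """Return the kernel's entropy estimate in bits, or None if unavailable."""
    try:
        with open(ENTROPY_AVAIL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def probe_random_device(path, nbytes):
    """Attempt a non-blocking read of nbytes from path.

    Returns {"device": path, "blocked": bool, "data": bytes}, where
    blocked=True means a blocking reader would have stalled here (EAGAIN),
    i.e. the state in which the thread reports Exim hanging. Returns None if
    the device does not exist on this system.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except FileNotFoundError:
        return None
    data = b""
    blocked = False
    try:
        # Old /dev/random may hand back fewer bytes than asked for before it
        # runs dry, so keep reading until we have enough or it would block.
        while len(data) < nbytes:
            try:
                chunk = os.read(fd, nbytes - len(data))
            except BlockingIOError:
                blocked = True
                break
            if not chunk:
                break
            data += chunk
    finally:
        os.close(fd)
    return {"device": path, "blocked": blocked, "data": data}


def seed_source_report(nbytes=32):
    """Compare the two seed sources the thread contrasts, plus the pool estimate."""
    return {
        "entropy_avail": entropy_estimate(),
        "dev_random": probe_random_device("/dev/random", nbytes),
        "dev_urandom": probe_random_device("/dev/urandom", nbytes),
    }


if __name__ == "__main__":
    report = seed_source_report()
    print("entropy_avail:", report["entropy_avail"])
    for key in ("dev_random", "dev_urandom"):
        r = report[key]
        if r is None:
            print(key, "not present")
        else:
            print(key, "blocked" if r["blocked"] else "ok",
                  len(r["data"]), "bytes")
```

Run it while a few TLS handshakes (or any other /dev/random consumers) are in flight to see whether the blocking device would have stalled; the /dev/urandom probe should report ok with the full byte count every time, which is what the patch discussed above relies on.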
