Werner Koch <[EMAIL PROTECTED]> writes: > On Tue, 8 Jan 2008 11:59, [EMAIL PROTECTED] said: > >> Anyway there 3000 calls to /dev/urandom are far too many for an initial >> pool filling. I need to check this. > > Found it. The bug was introduced with libgcrypt 1.3.1. Here is a patch:
Thanks. Running gnutls-cli using libgcrypt SVN leads to: random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956 outmix=3 getlvl1=3/136 getlvl2=0/0 Compared to the old situation: random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308 outmix=3 getlvl1=3/136 getlvl2=0/0 So we have reduced /dev/urandom consumption from 3000*120=360kb to 25*120=3kb, right? Strace also confirms the latter amount. That's good. Still, 3kb per TLS connection is excessive, so I still recommend exim to set a libgcrypt seeds file to solve the problem. Thanks, /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]