Werner Koch <[EMAIL PROTECTED]> writes:

> On Tue,  8 Jan 2008 11:59, [EMAIL PROTECTED] said:
>
>> Anyway, these 3000 calls to /dev/urandom are far too many for an initial
>> pool filling.  I need to check this.
>
> Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

Thanks.  Running gnutls-cli using libgcrypt SVN leads to:

random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0

Compared to the old situation:

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0

So we have reduced /dev/urandom consumption from 3000*120=360kb to
25*120=3kb, right?  Strace also confirms the latter amount.  That's
good.

Still, 3kb per TLS connection is excessive, so I still recommend exim to
set a libgcrypt seeds file to solve the problem.

Thanks,
/Simon


