On Mon, 25 Feb 2002, Cliff Woolley wrote:

> ssl_rand_seed() runs on every request if you configure it that way.
this is true, when 'SSLRandomSeed connect builtin' is configured, which is the default. not sure how much the scoreboard image changes between requests.

though somewhat related, i still have on my ssl performance todo-list, optimizing 'SSLRandomSeed connect builtin'. first problem is that RAND_seed() mutex locks in a threaded MPM. and there's three calls to it at connect time:

1st - adds pid (already happened at startup) and time() (which RAND_seed already does every time you call it). i'm no random number expert, but would be surprised if seed with the same values is useful.

2nd - stackdata (from unsigned char stackdata[256]), no idea how random that'll be.

3rd - scoreboard data

better sources can be configured, but require reading from a file, running an external program or talking to an EGD. i think builtin could be improved. how about if threads are available, spawn a low priority thread to gather entropy using apr_generate_random_bytes() which mod_ssl can grab as needed without blocking?
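
Added example, not part of the original message and not mod_ssl code: a sketch of the design proposed above, where a background thread keeps a small pool of random bytes filled and the connect-time path takes bytes with a trylock so it never waits. Assumptions: POSIX threads, /dev/urandom standing in for apr_generate_random_bytes(), hypothetical names (pool_refill, pool_start, pool_grab), and no thread priority is set.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 256
static unsigned char pool[POOL_SIZE];
static size_t pool_avail;                      /* unread bytes left in pool */
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t pool_empty = PTHREAD_COND_INITIALIZER;
/* Assumption: /dev/urandom stands in for apr_generate_random_bytes(). */
static int gather(unsigned char *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, len, f) : 0;
    if (f) fclose(f);
    return got == len ? 0 : -1;
}
/* Replace the pool contents; the slow read happens outside the lock. */
int pool_refill(void) {
    unsigned char fresh[POOL_SIZE];
    if (gather(fresh, sizeof fresh) != 0) return -1;
    pthread_mutex_lock(&pool_lock);
    memcpy(pool, fresh, sizeof fresh);
    pool_avail = sizeof fresh;
    pthread_mutex_unlock(&pool_lock);
    return 0;
}
static void *gatherer(void *arg) {
    (void)arg;
    for (;;) {                                 /* sleep until the pool is drained */
        pthread_mutex_lock(&pool_lock);
        while (pool_avail > 0) pthread_cond_wait(&pool_empty, &pool_lock);
        pthread_mutex_unlock(&pool_lock);
        if (pool_refill() != 0) return NULL;   /* callers then get 0 and fall back */
    }
}
int pool_start(void) {
    pthread_t t;
    return pthread_create(&t, NULL, gatherer, NULL) ? -1 : pthread_detach(t);
}
/* Connect-time path: trylock, never waits. Returns bytes copied (0 = busy or empty). */
size_t pool_grab(unsigned char *out, size_t want) {
    if (pthread_mutex_trylock(&pool_lock) != 0) return 0;
    size_t n = want < pool_avail ? want : pool_avail;
    pool_avail -= n;
    memcpy(out, pool + pool_avail, n);
    memset(pool + pool_avail, 0, n);           /* never hand out the same bytes twice */
    if (pool_avail == 0) pthread_cond_signal(&pool_empty);
    pthread_mutex_unlock(&pool_lock);
    return n;
}
```

A caller would run pool_start() once at startup and pass whatever pool_grab() returns to RAND_seed(), keeping its existing seed sources for the case where it returns 0.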
