devel <[EMAIL PROTECTED]> writes:

> Hello,
>
> When a machine does not have entropy to make random numbers, gnutls waits
> for gathering to complete.
> In some cases a computer cannot collect entropy (bad configuration, no
> hw...), and this seems to be a problem.
>
> My question is this: does GNUTLS have any time limit for waiting for entropy?

Hi! No, there is no such time limit.

GnuTLS uses libgcrypt for entropy gathering, and there are two purposes for which entropy is needed: when generating RSA/DSA keys, or D-H parameters, and when generating session keying material. If I remember correctly, the former uses /dev/random plus some libgcrypt internal stuff, the latter uses /dev/urandom plus some internal stuff. Thus, GnuTLS should never hang waiting for entropy generation during session-specific stuff.

We've had some reports in the past that say GnuTLS (or, rather, libgcrypt) hangs waiting for entropy even during sessions, but nobody has been able to track things down or reproduce it, if I understand correctly. I think some of those reports, related to the Debian exim packages, were caused by re-generating D-H parameters in the server, which will hang. I think that has been fixed now, though.

My message is this: if you have problems with the system hanging waiting for entropy, I think there is a bug somewhere (*), and you'll need to provide more debugging information.

/Simon

(*) Well, ok, with the exception of Windows and some other platforms, where there isn't really any good RNG and libgcrypt may take some time. But on a normal GNU/Linux system, there shouldn't be a problem, or there is a bug.
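
One way to collect the kind of debugging information asked for above, as an added example that is not part of the original message and is not GnuTLS or libgcrypt code: a small probe that reports whether a short read from /dev/random or /dev/urandom would block on the affected machine. The names `probe_fd` and `probe_path`, the 32-byte read size and the 2-second wait are assumptions chosen for illustration.

```c
/* Added example: report whether reading an entropy device would block. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

enum probe_result { PROBE_READY, PROBE_WOULD_BLOCK, PROBE_ERROR };

/* Read `want` bytes from fd in non-blocking mode and discard them.
 * Each time the device has nothing to give, wait at most timeout_ms. */
enum probe_result probe_fd(int fd, size_t want, int timeout_ms)
{
    unsigned char buf[64];
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)
        return PROBE_ERROR;
    while (want > 0) {
        ssize_t n = read(fd, buf, want < sizeof buf ? want : sizeof buf);
        if (n > 0) { want -= (size_t)n; continue; }
        if (n == 0) return PROBE_ERROR;      /* EOF: not an entropy device */
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return PROBE_ERROR;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);     /* wait for data to arrive */
        if (r == 0) return PROBE_WOULD_BLOCK;
        if (r < 0 && errno != EINTR) return PROBE_ERROR;
    }
    return PROBE_READY;
}

enum probe_result probe_path(const char *path, size_t want, int timeout_ms)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return PROBE_ERROR;
    enum probe_result r = probe_fd(fd, want, timeout_ms);
    close(fd);
    return r;
}

int main(void)
{
    static const char *names[] = { "ready", "would block", "error" };
    const char *devs[] = { "/dev/random", "/dev/urandom" };
    for (int i = 0; i < 2; i++)   /* small read: do not drain the pool */
        printf("%-13s %s\n", devs[i], names[probe_path(devs[i], 32, 2000)]);
    return 0;
}
```

A "would block" result for /dev/random alongside "ready" for /dev/urandom corresponds to the key and D-H parameter generation case described in the reply, not to session keying.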
