16-Jul-99 11:23 you wrote:
> On Fri, Jul 16, 1999, Jens Leuschner wrote:
>> > Has the ssl_enginge_log told you that all servers have been configured
>> > already? Are you perhaps using /dev/random and temp key generation is
>> > somehow slowly?
>>
>> YES! THAT WAS IT!!!
>> I really thank you for pointing me to this! But why did this work with
>> mod_ssl 2.2.8? Is it possible, that mod_ssl did a non_blocking read to
>> /dev/random, where mod_ssl 2.3.5/6 does a blocking read?
>> The kernel was the same (linux 2.2.10). So it cannot be a change in
>> /dev/random.
> No, ssl_engine_rand.c was not changed recently. But nevertheless you mention a
> good idea to overcome the /dev/random variants which block: we could read in
> non-blocking mode. Hmmmm... that would be perhaps a reasonable thing. Any
> opinions?
But what to do when you'll got just 1 byte on enthropy ? Or 0 bytes ? IMO just
big warning somewhere about preference of /dev/urandom over /dev/random for
temporary keys will be enough...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
