I'm clearly a stupid fsck, but perhaps this tip will help other stupid
fscks out there running Apache and modssl on Linux.

I was having trouble with long (really long, sometimes) connect times
on SSL connections.  Sometimes things would go through immediately, or
within a second or two, but often it would be 20 seconds before data
started coming back.  Well, I'd configured SSL to use the high-quality
random data from /dev/random (Linux gurus can stop reading here --
I've just told you what I did wrong) but that device won't give you
any more data than it has collected entropy.  That is, /dev/random
maintains a pool of randomness that is fed by external, presumably
unpredictable, events.  When the pool runs dry, you have to wait for
some random stuff to happen before you'll get the data you tried to
read.

So Apache was reading from this limited resource, and sometimes (if I
was moving the mouse, or typing, or had a lot of disk activity
happening) there'd be enough random data to generate a key or whatever
modssl needed, but other times it had to wait until "things"
happened.  Tough to debug if you're thinking it's maybe network
problems or something, but a quick strace will show what's really
happening.

Anyway, the solution is to use /dev/urandom, which never runs dry, as
your source for the SSLRandomSeed lines.
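As an added diagnostic (my own script, not part of the original post), the following makes the behaviour described above observable: it prints the kernel's current entropy estimate and times a bounded read of 512 bytes from each device, so a stalled /dev/random read shows up as a short count instead of a mysterious 20-second pause. Function names entropy_avail, bounded_read and report are my own; the /proc path and the timeout/head/wc utilities are standard on Linux. One caveat: since Linux 5.6, /dev/random no longer blocks once the pool has been initialised at boot, so on a modern kernel both reads return immediately; the advice to seed from /dev/urandom still holds.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: show whether the kernel's
# entropy pool is the bottleneck by timing bounded reads from both devices.

# Print the current entropy estimate, or -1 on a system without the Linux
# /proc interface.
entropy_avail() {
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        cat /proc/sys/kernel/random/entropy_avail
    else
        echo -1
    fi
}

# bounded_read DEVICE BYTES SECONDS
# Try to read BYTES from DEVICE, giving up after SECONDS (when the timeout
# utility is available). Prints the count of bytes that made it out before
# the deadline; anything short of BYTES means the read blocked.
bounded_read() {
    rdev=$1; want=$2; limit=$3
    if command -v timeout >/dev/null 2>&1; then
        got=$(timeout "$limit" head -c "$want" "$rdev" 2>/dev/null | wc -c)
    else
        got=$(head -c "$want" "$rdev" 2>/dev/null | wc -c)
    fi
    echo "$got" | tr -d ' '
}

# Human-readable report. SSL setup reads a few hundred bytes of seed,
# so 512 bytes with a 5-second deadline is a realistic probe.
report() {
    echo "entropy_avail: $(entropy_avail)"
    for dev in /dev/random /dev/urandom; do
        n=$(bounded_read "$dev" 512 5)
        if [ "$n" -eq 512 ]; then
            echo "$dev: read 512 bytes without stalling"
        else
            echo "$dev: only $n bytes in 5s -> this is what the server waits on"
        fi
    done
    # To confirm on a live server the way the post suggests, attach strace
    # to a busy Apache child and watch for a read() on the /dev/random fd
    # that does not return:   strace -p <apache child pid>
}
```

Run it with `. ./entropy-check.sh && report` on the affected box; if /dev/random comes back short while /dev/urandom returns all 512 bytes, the SSLRandomSeed lines pointing at /dev/random are the cause.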

d.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
