On Thu, Nov 11, 1999, dave madden wrote:
> =>From: "Ralf S. Engelschall" <[EMAIL PROTECTED]>
> =>...
> =>Yes, and details about this situation and problem are in the mod_ssl
> =>documentation since a long time - directly under the entry for
> => SSLRandomSeed.
> =>But people often like it more to waste time instead of reading documentation
> =>first... ;) I've now also added an FAQ entry about this topic to increase the
> =>chance people find the answer. Thanks for your hint.
>
> FAQ is good; perhaps also a mention in the comments of the default
> config file. (That's how I got in trouble: I was just going through
> the file and tweaking stuff.)
Now comitted for mod_ssl 2.4.9:
Index: httpd.conf-dist
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/conf/httpd.conf-dist,v
retrieving revision 1.47
diff -u -r1.47 httpd.conf-dist
--- httpd.conf-dist 1999/10/01 11:34:21 1.47
+++ httpd.conf-dist 1999/11/11 18:35:52
@@ -904,6 +904,13 @@
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
Thanks for the hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
