On Tue, Feb 29, 2000 at 11:51:06AM +0100, Lutz Jaenicke wrote:
> I just experienced the same problem (but I have been prepared :-)
> OpenSSL 0.9.5 is more picky about the correct seeding of the PRNG
> (pseudo random number generator). It seems (did not check this out *) that the
> internal seed generation
> SSLRandomSeed startup builtin
> is not good enough anymore (not enough entropy bits).
> You must now explicitly seed the PRNG as described.
The CHANGES file for mod_ssl 2.6.1 contains an entry:

  *) Extended builtin PRNG seeding with a run-time stack based source.
     This way the builtin source now creates more entropy and usually
     enough to make OpenSSL >= 0.9.5 happy again. If OpenSSL is still not
     happy (i.e. still not sufficient entropy exists), a warning message
     is logged by mod_ssl now.

However, adding seeding of your own is of course the preferred method.
Those who do not have /dev/urandom and have not installed EGD
should at least create a constant seed file with lots of randomness
(cat lots of stuff, including all unpredictable data sources that
you can think of, to ~/.rnd and run 'openssl dsaparam 1024'
or something like that to obtain a new seed file ~/.rnd;
then copy this to somewhere else and use it as seed file).
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
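
An added example, not part of the original message or of mod_ssl: a small check that reads httpd.conf text and reports when the startup context of SSLRandomSeed relies on the builtin source alone, the situation discussed above. The sample configurations are constructed, and the seed file path is hypothetical.

```python
import re

# mod_ssl syntax: SSLRandomSeed <context> <source> [bytes]
DIRECTIVE = re.compile(
    r"^\s*SSLRandomSeed\s+(startup|connect)\s+(\S+)(?:\s+\d+)?\s*$", re.I)
KNOWN_KINDS = ("builtin", "file", "exec", "egd")

def audit_random_seed(conf_text):
    """Return ({context: [sources]}, [findings]) for httpd.conf text."""
    sources = {"startup": [], "connect": []}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):   # Apache comment line
            continue
        m = DIRECTIVE.match(line)
        if m:
            sources[m.group(1).lower()].append(m.group(2))
    findings = []
    startup = sources["startup"]
    if not startup:
        findings.append("no SSLRandomSeed startup source configured")
    elif all(s.lower() == "builtin" for s in startup):
        findings.append("startup seeding uses builtin only")
    for ctx, srcs in sources.items():
        for s in srcs:
            if s.split(":", 1)[0].lower() not in KNOWN_KINDS:
                findings.append("unrecognised %s source: %s" % (ctx, s))
    return sources, findings

# Constructed sample configurations (not taken from the thread).
WEAK_CONF = """\
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
"""
URANDOM_CONF = """\
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
"""
# Fallback from the message: a prepared seed file; the path is hypothetical.
SEEDFILE_CONF = """\
# SSLRandomSeed startup builtin
SSLRandomSeed startup file:/usr/local/apache/conf/seed.rnd
"""

if __name__ == "__main__":
    for name in ("WEAK_CONF", "URANDOM_CONF", "SEEDFILE_CONF"):
        print(name, audit_random_seed(globals()[name])[1])
```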