Full_Name: J. Grizzard Version: 2.6.3 OS: Solaris 7/x86 Submission from: (NULL) (199.174.214.247) When "SSLRandomSeed startup exec:/some/path" is used to seed the PRNG, the external command is re-run at every (graceful or non) restart, resulting in a particularly lengthy restart period where requests aren't answered. My setup takes about 30 seconds to generate the random number from the external program, so that results in 30+ seconds where my server cannot answer requests. This 30 second delay is quite acceptable at server startup, but really hurts when doing a graceful restart. I would like to see the PRNG state kept across restarts (this shouldn't be any more insecure than any other long-running httpd process), or possibly another context for SSLRandomSeed so I could say, perhaps, "SSLRandomSeed restart current" or something, to keep the current PRNG state. Either would make an exec: form of SSLRandomSeed much more useful than it is currently. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
