On Tue, 20 Aug 2002 20:48:26 +0100 "Peter Viertel" <[EMAIL PROTECTED]> wrote:
> there's more info on this in the reference manual, than the FAQ. > > http://www.modssl.org/docs/2.8/ssl_reference.html#ToC4 > > Basically try changing the 'startup' one to use a > file:/path/to/file/with/junk/in/it that points at a file with something > random enough in it - I'm not mr crypto, but, by random I take it that > something >an outside party cant guess ought to be enough, and you need Actally something like "having an autocorrelation function which looks like a dirac delta function" is better. Since an algorithm can never produce real random, there are actually "hardware random generators" using a source like zener noise for random. Regards. mr. (paranoid) crypto. > to experiment with file lengths a bit to find what works enough - some > people advocate using the syslog output. Of course if you're just > hacking around and you dont care that the NSA or the Home Office might > be able to decrypt your ssl streams, then why stress out about it? > I do care, they are always after me, realy! > the 'connect' one however should get by using the builtin or see if you > can get egd working - this one does affect performance, so avoid using > the exec: option because spawning processes is not cheap on resources. > > [EMAIL PROTECTED] wrote: > > >Hi all - > > > >This seems to be a commonly reported problem, but for all the archives > >and FAQs I've read, I am no further forward. Here is the situation: > > > >Apache 1.3.26, openSSL 0.9.6g, mod_ssl 2.8.10-1.3.26, Compaq Tru64 UNIX > >4.0F. > > > >On starting Apache, it immediately exits and logs the following in the > >error log file: > > > >[Tue Aug 20 15:50:13 2002] [error] mod_ssl: Init: Failed to generate > >temporary 512 bit RSA private key (OpenSSL library error follows) > >[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:24064064:random number > >generator:SSLEAY_RAND_BYTES:PRNG not seeded > >[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:04069003:rsa > >routines:RSA_generate_key:BN lib > > > >The FAQ refers to the SSLRandomSeed directive; this is set in the > >httpd.conf file as > > > >SSLRandomSeed startup builtin > >SSLRandomSeed connect builtin > > > >(As I'm running on Tru64 I don't have the option of using /dev/random) > > > >It also refers to problems at the "make certificate" stage; that seems > >to have gone through without any problems. > > > >I've also read that there are problems with PHP, so I have removed all > >reference in the httpd.conf file to the dynamic PHP module, and for good > >measure the dynamic Apache Jserv module, so these are not loading. Still > >no diference. > > > >Can anyone offer me some more pointers? > > > >Thanks > > > >Richard > > > >-- > > > >Richard Rogers > >IT Services, Staffordshire University > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager [EMAIL PROTECTED] > > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
