On Thu, Jul 12, 2001 at 08:40:58AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
wrote:
> # Semaphore:
> # Configure the path to the mutual explusion semaphore the
> # SSL engine uses internally for inter-process synchronization.
> SSLMutex file:/opt/apache2s/logs/ssl_mutex
Without having looked at the code, can mod_ssl rely on the mutexes in
APR?
> # Pseudo Random Number Generator (PRNG):
> # Configure one or more sources to seed the PRNG of the
> # SSL library. The seed data should be of good random quality.
> # WARNING! On some platforms /dev/random blocks if not enough entropy
> # is available. This means you then cannot use the /dev/random device
> # because it would lead to very long connection times (as long as
> # it requires to make more entropy available). But usually those
> # platforms additionally provide a /dev/urandom device which doesn't
> # block. So, if available, use this one instead. Read the mod_ssl User
> # Manual for more details.
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random 512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random 512
> #SSLRandomSeed connect file:/dev/urandom 512
Are you just using the PRNG in OpenSSL? Or, is there a PRNG in mod_ssl?
-- justin
