Great news and congratulations to everyone on landing this work. I see that the RNG is now capable of automatically reseeding itself on fork, which will be a huge win for applications that aren't rigorous about doing so themselves (read: most of them). However, it appears that OPENSSL_INIT_ATFORK is not set as an option when OpenSSL calls OPENSSL_init_crypto. Would it be possible to make this default? This would be a large improvement in terms of protecting applications linking against OpenSSL.
-Paul Kehrer (reaperhulk) On Mon, Aug 14, 2017 at 10:45 AM, Salz, Rich via openssl-dev <openssl-dev@openssl.org> wrote: > Thanks everyone for the discussion (mainly in June) about this. There’s a > blog post describing what we’ve done for the 1.1.1 release: > https://www.openssl.org/blog/blog/2017/08/12/random/ > > > > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
