On 17/08/17 13:22, Salz, Rich via openssl-dev wrote: > I understand the concern. The issue I am wrestling with is strict > compatibility with the existing code. Does anyone really *want* the > RNG’s to not reseed on fork? It’s hard to imagine, but maybe > somewhere someone is. And then it’s not about just reseeding, but > what about when (if) we add other things, like whether or not the > secure arena gets zero’d in a child? > > So let me phrase it this way: does anyone object to changing the > default so NO_ATFORK must be used to avoid the reseeding and other > things we might add later?
It's difficult to think of what circumstances this might break existing code? What scenario did you have in mind? Even if it does break something obscure, I think this is a case where security-by-default takes precedence. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
