This is User FAQ #1: http://openssl.org/support/faq.html#USER1
You must provide a source of entropy -- that is, randomness -- to OpenSSL in order for it to provide any kind of security at all. This can be done by setting the RANDFILE environment variable in the service process, and filling that file with at least 128 bits (preferably at least 1024 bytes) of random data. (If you don't know what random data to use, try creating a bunch of keys with 'openssl rsagen', concatenating all of them, and saving that as the %RANDFILE% contents. If that doesn't work, take some random user documents and use those. It doesn't matter -- as long as it's not known to anyone else what the contents are. (Preferably, only SYSTEM and the service account will have read access -- even Administrators shouldn't.) Make sure that file is readable and writable by the service process, and don't just point RANDFILE at a user's file -- copy whatever you want into where you want it to be, and then use that copy. OpenSSL will write its random state out to that file as well. -Kyle H On Tue, Mar 17, 2009 at 4:33 AM, shadi jawhar <shadi_jaw...@hotmail.com> wrote: > Hello, > We spent 5 days researchng and trying. > We have an Ecommerce simple applocation that uses link point to process > orders. > We installed OPEN SSL As it is required. > When the application tries to process order using the com objects, we are > getting: > > SSLEAY_RAND_BYTES:PRNG not seeded > > > <r_error> Unable to connect to server. ERRs: wsa=0 err=604389476 ssl=0 > sys=0. INFO: ACE_SSL (50872|61532) error code: 604389476 - > error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded > </r_error> > > Please help > > > ________________________________ > What can you do with the new Windows Live? Find out ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
