> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> Jason Qian via openssl-users
> Sent: Wednesday, September 27, 2017 07:00
> To: openssl-users@openssl.org
> Subject: [openssl-users] DH_generate_key Hangs

> Need some help, one of our applications hangs when calling
> DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded 
> conditions.  
> Not sure if anyone knows this issue?

The issue is running OpenSSL 0.9.8, which has not been supported since 2015.

DH_generate_key can use an engine (at least in supported versions of OpenSSL - 
I no longer have any 0.9.8 code around to check), so we really can't say what 
it might be doing in your application. But if it's using the default OpenSSL 
implementation, then if your DH parameters don't already include a private key, 
you'll end up generating random numbers. That can hang, if OpenSSL is using a 
blocking CPRNG source such as /dev/random.

But you haven't provided nearly enough information to do more than speculate.

What you need to do:

1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes and 
isn't an LTS release). There's really no point in proceeding unless you do so. 
Your application is broken if it's using 0.9.8.

2. If the problem still occurs, debug a hanging instance and find out where 
*exactly* it's hung.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 
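
As an added illustration of step 2 in the reply above (not part of the original message and not OpenSSL code): on Linux, this sketch reads `/proc/<pid>/task/*/syscall` to see whether any thread of a hung process is parked in `read(2)` on `/dev/random`. The function names and the `PROC_ROOT` and `READ_NR` variables are assumptions of this example; `READ_NR` defaults to the x86_64 syscall number for `read`.

```shell
#!/bin/sh
# Added diagnostic sketch for Linux; not from the original thread or OpenSSL.
# Assumptions: PROC_ROOT and READ_NR are knobs invented for this example.
# READ_NR is the read(2) syscall number: 0 on x86_64 (63 on aarch64, 3 on i386).
PROC_ROOT="${PROC_ROOT:-/proc}"
READ_NR="${READ_NR:-0}"

# Print one line per thread of PID: "<tid> <verdict> <detail>".
thread_waits() {
    pid="$1"
    for t in "$PROC_ROOT/$pid/task"/*; do
        [ -r "$t/syscall" ] || continue
        # File format: "<nr> <arg0> ... <arg5> <sp> <pc>" while in a syscall,
        # "-1 <sp> <pc>" when blocked outside one, or "running".
        read -r nr arg0 rest < "$t/syscall" || continue
        case "$nr" in
            running|-1)
                echo "${t##*/} not-in-syscall -" ;;
            "$READ_NR")
                fd=$(($arg0))   # arg0 is hex (e.g. 0x3): the fd being read
                target="$(readlink "$PROC_ROOT/$pid/fd/$fd" 2>/dev/null || true)"
                echo "${t##*/} blocked-read ${target:-unknown}" ;;
            *)
                echo "${t##*/} other-syscall $nr" ;;
        esac
    done
}

# Succeeds if any thread of PID is sitting in read(2) on /dev/random.
hung_on_dev_random() {
    thread_waits "$1" | grep -q ' blocked-read /dev/random$'
}

# Report for a live process, plus the kernel's current entropy estimate.
report() {
    thread_waits "$1"
    printf 'entropy_avail: '
    cat "$PROC_ROOT/sys/kernel/random/entropy_avail" 2>/dev/null || echo unknown
}

if [ $# -gt 0 ]; then report "$1"; fi
```

Reading another process's `syscall` file needs the same access as attaching a debugger to it, so run the script as root or as the owning user where ptrace restrictions allow.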


