RE: PRNG errors

2002-08-01 Thread Courtin Bert

Hi,

The combination of software you use works fine for me on Solaris 8.

However, when using these versions, I faced the following problem:

- Apache won't start up with the option SSLRandomSeed startup builtin enabled. I
then installed the package ANDIrand-0.7-5.8-sparc-1.pkg from
http://www.cosy.sbg.ac.at/~andi/, which provides a /dev/random resp. /dev/urandom.

Using this (SSLRandomSeed startup file:/dev/urandom 1024) my apache starts up fine.

So:
 - Does OpenBSD have a /dev/urandom? Try using it.
 - If not, maybe the package I stated above is available for OpenBSD as well.


Kind regards,
B. Courtin


BTW: For all those using mm: Please notice that there is a security bug in mm  
version 1.2.1 as well which was announced on Jul 30 2002? Have a look here:

Advisory: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html (CERT ID 
2002-453dcert).

You can get the latest version of mm here: http://www.ossp.org/pkg/lib/mm/





-Original Message-
From: cbenn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 31, 2002 7:10 PM
To: [EMAIL PROTECTED]
Subject: PRNG errors


Hello everyone.

I just upgraded my OpenSSL yesterday from 9.6c to 9.6e, then recompiled my
mod_ssl-2.8.10-1.3.26 and Apache on OpenBSD 3.0. Everything seemed to go
fine, but now all my https requests are unable to connect. According to all
the docs I've seen the error message suggests changing the SSLRandomSeed
setting in the httpd.conf, however I've tried various settings, see the new
value for the Seeding PRNG line in the log, but the handshake still
fails with the same error message. Can anyone suggest anything else that
may be the issue?

Thanks,
benn

From httpd.conf
#   Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

From ssl_engine_log
[31/Jul/2002 09:49:00 30490] [info]  Connection to child 3 established
(server www.host.com:443, client 127.0.0.1)
[31/Jul/2002 09:49:00 30490] [info]  Seeding PRNG with 1160 bytes of
entropy
[31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server
www.host.com:443, client 127.0.0.1) (OpenSSL library error follows)
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:1409B005:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:bad asn1 object header
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



PRNG errors

2002-07-31 Thread cbenn

Hello everyone.

I just upgraded my OpenSSL yesterday from 9.6c to 9.6e, then recompiled my
mod_ssl-2.8.10-1.3.26 and Apache on OpenBSD 3.0. Everything seemed to go
fine, but now all my https requests are unable to connect. According to all
the docs I've seen the error message suggests changing the SSLRandomSeed
setting in the httpd.conf, however I've tried various settings, see the new
value for the Seeding PRNG line in the log, but the handshake still
fails with the same error message. Can anyone suggest anything else that
may be the issue?

Thanks,
benn

From httpd.conf
#   Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

From ssl_engine_log
[31/Jul/2002 09:49:00 30490] [info]  Connection to child 3 established
(server www.host.com:443, client 127.0.0.1)
[31/Jul/2002 09:49:00 30490] [info]  Seeding PRNG with 1160 bytes of
entropy
[31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server
www.host.com:443, client 127.0.0.1) (OpenSSL library error follows)
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:1409B005:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:bad asn1 object header
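
Added example (not part of either message, and not mod_ssl code): a small Python triage over the ssl_engine_log layout quoted in the thread. It rejoins the mail-wrapped lines and lists child pids that logged a "Seeding PRNG" line yet still reported "PRNG not seeded", which is the symptom in the original post. The sample log is constructed from the quoted lines; pid 30491 and its entry are made up, and the function names are hypothetical.

```python
import re

# Constructed sample in the ssl_engine_log layout quoted in the thread,
# keeping the mail-wrapped continuation lines. Pid 30491 is made up.
SAMPLE_LOG = """\
[31/Jul/2002 09:49:00 30490] [info]  Seeding PRNG with 1160 bytes of
entropy
[31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server
www.host.com:443, client 127.0.0.1) (OpenSSL library error follows)
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:05 30491] [info]  Seeding PRNG with 1024 bytes of
entropy
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
SEED = re.compile(r"Seeding PRNG with (\d+) bytes of entropy")

def parse_entries(text):
    """Rejoin wrapped lines; return (timestamp, pid, level, message) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m["ts"], int(m["pid"]), m["level"], m["msg"].strip()])
        elif entries and line.strip():
            entries[-1][3] += " " + line.strip()  # continuation of previous entry
    return [tuple(e) for e in entries]

def triage(entries):
    """Per child pid: last seed size, 'PRNG not seeded' count, failed handshakes."""
    report = {}
    for _ts, pid, level, msg in entries:
        r = report.setdefault(pid, {"seed_bytes": None, "not_seeded": 0, "handshake_failed": 0})
        seed = SEED.search(msg)
        if seed:
            r["seed_bytes"] = int(seed.group(1))
        elif level == "error" and "PRNG not seeded" in msg:
            r["not_seeded"] += 1
        elif level == "error" and msg.startswith("SSL handshake failed"):
            r["handshake_failed"] += 1
    return report

def seeded_but_failing(report):
    """Pids that logged a seeding line yet still reported 'PRNG not seeded'."""
    return sorted(p for p, r in report.items() if r["seed_bytes"] and r["not_seeded"])

if __name__ == "__main__":
    rep = triage(parse_entries(SAMPLE_LOG))
    print(rep, seeded_but_failing(rep))
```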