httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40513] New: - Seeding PRNG with 0 bytes of entropy
Date Thu, 14 Sep 2006 20:45:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40513>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40513

           Summary: Seeding PRNG with 0 bytes of entropy
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rutski89@gmail.com


I installed apache 2.2 with mod_ssl today on a local computer for development
purposes and decided to have a peek at the logs just for fun. When I saw
"Seeding PRNG with 0 bytes of entropy" I was amused and at the same time
somewhat frightened.

Below is a copy of my config file and what follows after that are the relevant
log entries for a single fetch of "http://localhost/" via Safari.

==============================================================================
ServerRoot "/opt/apache2"

Listen 80
Listen 443

User  opt-www
Group opt-www

LoadModule perl_module  modules/mod_perl.so
LoadModule logio_module modules/mod_logio.so

<Directory />
    Options None
    AllowOverride None
</Directory>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

SSLRandomSeed           startup file:/dev/random  512
SSLRandomSeed           connect file:/dev/random  512
SSLSessionCache         shmcb:/opt/apache2/ssl/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex                file:/opt/apache2/ssl/ssl_mutex

LogLevel  info
LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl_log_format
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin  rutski89@gmail.com
    DocumentRoot /opt/var/www/localhost/htdocs
    ServerName   localhost
    ServerAlias  mini

    Loglevel     debug
    ErrorLog     /opt/var/www/localhost/logs/error_log
    TransferLog  /opt/var/www/localhost/logs/access_log

    ScriptAlias /cgi-bin/ "/opt/var/www/localhost/cgi-bin/"
</VirtualHost>

<VirtualHost *:443>
    SSLEngine             on
    SSLCertificateFile    /opt/var/www/localhost-ssl/ssl/server.crt
    SSLCertificateKeyFile /opt/var/www/localhost-ssl/ssl/server.key

    ServerAdmin  rutski89@gmail.com
    DocumentRoot /opt/var/www/localhost-ssl/htdocs
    ServerName   localhost
    ServerAlias  mini

    Loglevel     info
    ErrorLog     /opt/var/www/localhost-ssl/logs/error_log
    TransferLog  /opt/var/www/localhost-ssl/logs/access_log
    CustomLog    /opt/var/www/localhost-ssl/logs/ssl_log ssl_log_format
    
    <Directory /opt/var/www/localhost-ssl/htdocs>
        Options Indexes
    </Directory>

    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
==============================================================================

There's no imminent danger since this is just a local dev box but I  
would like to get to the bottom of this 0 PRNG seed weirdness anyway;  
just blame human curiosity.

(Note: The offending log entry is on the 2nd line of error_log)

==============================================================================
==access_log==

::1 - - [14/Sep/2006:12:52:11 -0400] "GET / HTTP/1.1" 200 209 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3" 569 1359
::1 - - [14/Sep/2006:12:52:11 -0400] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3" 320 362

==error_log==

[Thu Sep 14 12:52:11 2006] [info] [client ::1] Connection to child 5 established (server localhost:443)
[Thu Sep 14 12:52:11 2006] [info] Seeding PRNG with 0 bytes of entropy
[Thu Sep 14 12:52:11 2006] [info] Client requested a 'session-resume' but we have no such session.
[Thu Sep 14 12:52:11 2006] [info] Initial (No.1) HTTPS request received for child 5 (server localhost:443)
[Thu Sep 14 12:52:11 2006] [info] Subsequent (No.2) HTTPS request received for child 5 (server localhost:443)
[Thu Sep 14 12:52:16 2006] [info] [client ::1] (70007)The timeout specified has expired: SSL input filter read failed.
[Thu Sep 14 12:52:16 2006] [info] [client ::1] Connection closed to child 5 with standard shutdown (server localhost:443)

==ssl_log==

[14/Sep/2006:12:52:11 -0400] ::1 TLSv1 RC4-SHA "GET / HTTP/1.1" 209
[14/Sep/2006:12:52:11 -0400] ::1 TLSv1 RC4-SHA "GET /favicon.ico HTTP/1.1" -
==============================================================================

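A log check for the symptom reported above, as an added example that is not part of the original bug report or of httpd: it reads the SSLRandomSeed byte counts from a config and flags every "Seeding PRNG with N bytes of entropy" entry that falls below them. The function names are hypothetical; the directives and the first two log lines are copied from the report, and the last log line is constructed.

```python
import re

# SSLRandomSeed <context> <source> [bytes], as used in the config quoted above.
SEED_DIRECTIVE = re.compile(
    r"^[ \t]*SSLRandomSeed[ \t]+(startup|connect)[ \t]+(\S+)(?:[ \t]+(\d+))?[ \t]*$",
    re.IGNORECASE | re.MULTILINE)
# mod_ssl info-level message quoted in the report's error_log.
SEED_LOG = re.compile(
    r"^\[(?P<when>[^\]\n]+)\] \[info\] .*?Seeding PRNG with (?P<n>\d+) bytes of entropy",
    re.MULTILINE)


def configured_seeds(conf_text):
    """Return [(context, source, bytes_or_None)] for each SSLRandomSeed line."""
    return [(ctx.lower(), src, int(n) if n else None)
            for ctx, src, n in SEED_DIRECTIVE.findall(conf_text)]


def seeding_shortfalls(conf_text, log_text):
    """Return [(timestamp, seeded, expected)] for log entries that report fewer
    bytes than the smallest count any SSLRandomSeed directive asks for."""
    wanted = [n for _, _, n in configured_seeds(conf_text) if n is not None]
    # Assumption: with no explicit byte count configured, require at least 1 byte.
    expected = min(wanted) if wanted else 1
    return [(m["when"], int(m["n"]), expected)
            for m in SEED_LOG.finditer(log_text)
            if int(m["n"]) < expected]


# Directives and first two log lines copied from the report; the last log
# line is constructed to show an entry that should not be flagged.
CONF = """\
SSLRandomSeed           startup file:/dev/random  512
SSLRandomSeed           connect file:/dev/random  512
"""
LOG = """\
[Thu Sep 14 12:52:11 2006] [info] [client ::1] Connection to child 5 established (server localhost:443)
[Thu Sep 14 12:52:11 2006] [info] Seeding PRNG with 0 bytes of entropy
[Thu Sep 14 12:52:12 2006] [info] Seeding PRNG with 512 bytes of entropy
"""

if __name__ == "__main__":
    for when, seeded, expected in seeding_shortfalls(CONF, LOG):
        print(f"{when}: PRNG seeded with {seeded} bytes, config asks for {expected}")
```

The message is logged at info level, so the check only sees it when LogLevel is info or more verbose, as in the config above.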