httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: Filters : mod_ssl - WORKS
Date Thu, 12 Jul 2001 17:43:14 GMT
I've not changed the PRNG portion of the code in ssl_engine_rand.c [mod_ssl]
- I believe it can do both - use the PRNG of OpenSSL and can also generate
it's own.

In regards to the Mutex, it's still work in progress - do you have any
suggestions ?.

Madhu

-----Original Message-----
From: Justin Erenkrantz [mailto:jerenkrantz@ebuilt.com]
Sent: Thursday, July 12, 2001 9:38 AM
To: new-httpd@apache.org
Subject: Re: Filters : mod_ssl - WORKS


On Thu, Jul 12, 2001 at 08:40:58AM -0700, MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) wrote:
> #   Semaphore:
> #   Configure the path to the mutual explusion semaphore the
> #   SSL engine uses internally for inter-process synchronization.
> SSLMutex  file:/opt/apache2s/logs/ssl_mutex

Without having looked at the code, can mod_ssl rely on the mutexes in
APR?

> #   Pseudo Random Number Generator (PRNG):
> #   Configure one or more sources to seed the PRNG of the
> #   SSL library. The seed data should be of good random quality.
> #   WARNING! On some platforms /dev/random blocks if not enough entropy
> #   is available. This means you then cannot use the /dev/random device
> #   because it would lead to very long connection times (as long as
> #   it requires to make more entropy available). But usually those
> #   platforms additionally provide a /dev/urandom device which doesn't
> #   block. So, if available, use this one instead. Read the mod_ssl User
> #   Manual for more details.
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random  512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random  512
> #SSLRandomSeed connect file:/dev/urandom 512

Are you just using the PRNG in OpenSSL?  Or, is there a PRNG in mod_ssl?
-- justin

Mime
View raw message