httpd-dev mailing list archives

From Aaron Bannert <aa...@clove.org>
Subject Re: [PATCH] get mod_ssl to work again
Date Thu, 20 Dec 2001 18:24:17 GMT
On Thu, Dec 20, 2001 at 10:17:13AM -0800, Doug MacEachern wrote:
> that function was derived from mod_ssl-1.xx and have learned some
> things since.  i recently noticed OpenSSL internally calls
> RAND_seed(time()) during negotiation.  so i was planning to remove that
> same call from modssl or at least change it to use r->request_time.
> (main goal: getting rid of time() and getpid() syscalls on every connect)
> 
> since flood only seeds at startup time, might be better for you just to
> use apr_generate_random_bytes().  don't want to use that in modssl for
> 'SSLRandomSeed builtin connect', since /dev/random blocking will be too
> slow for every connect.  but will probably change it to use that for
> 'SSLRandomSeed builtin startup'.

/dev/urandom won't block, so maybe we could live with that once per
request and use the /dev/random for startup.

-aaron
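
The split suggested in this thread, as an added C example (not code from mod_ssl, flood or APR): /dev/random read once at startup, /dev/urandom read per connection, with the short-read and EINTR handling a seeding routine needs. The function names are hypothetical, and the resulting bytes are what would be handed to a call such as OpenSSL's RAND_seed().

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Fill buf with len bytes from a kernel random device; 0 on success, -1 on
 * failure. Loops over short reads and retries on EINTR. */
static int read_random_device(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0 || errno != EINTR)
            break;              /* EOF or a real error: give up */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Hypothetical names for the two cases in the thread. */
int seed_bytes_startup(unsigned char *buf, size_t len)
{
    return read_random_device("/dev/random", buf, len);   /* may block */
}

int seed_bytes_connect(unsigned char *buf, size_t len)
{
    return read_random_device("/dev/urandom", buf, len);  /* does not block */
}

int main(void)
{
    unsigned char seed[16];
    if (seed_bytes_connect(seed, sizeof seed) != 0) {
        fprintf(stderr, "could not read /dev/urandom\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    putchar('\n');
    return 0;
}
```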