tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Schönhaber <tomcat-us...@list-post.mks-mail.de>
Subject Re: APR & SSL not working
Date Mon, 01 Sep 2008 10:23:19 GMT
Gregor Schneider wrote:

> The solution was:
> 
> - create an .rnd-file within the user-space:
> 
> openssl rand -out $HOME/.rnd 2048
> 
> - compile the APR with /dev/urandom:
> 
> ./configure --with-apr=/usr/bin/apr-1-config \\
>                     --with-devrandom=/dev/urandom \\
>                     --prefix=/home/tomcat/www/lib
> 
> make && make install
> 
> Now it seems to work like charm.

If you configure APR to use /dev/urandom, creating a static ranndom file 
shouldn't be necessary.

BTW: in Tomcat 6 (starting with 6.0.17?) the AprLifecycleListener 
supports the attribute SSLRandomSeed:
<http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File>
This is supposed to set the random source used by APR. As I understand 
it (haven't tried it myself) one should be able to set this, for 
example, to /dev/urandom or a static random file and speed things up 
even if APR was compiled with /dev/random as default random source.

Regards
   mks

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message