Welcome! Log In Create A New Profile

Advanced

SSL Randomness Source

All files from this thread

File Name File Size   Posted by Date  
smime.p7s 5.7 KB open | download Dave Barton 07/14/2010 Read message
smime.p7s 5.7 KB open | download Dave Barton 07/14/2010 Read message
Dave Barton
July 14, 2010 08:16AM
We currently run nginx on the majority of our internet-facing webservers
and we process a lot of SSL traffic. That's a lot of SSL handshakes and
a lot of entropy required. To help with this, we've bought some USB
pseudo-random entropy generating keys. These basically give the server a
fast source of entropy, which can be accessed via /dev/random.

In Apache, the SSL configuration includes a directive 'SSLRandomSeed'
which allows you to define a source for randomness, with the default
being 'builtin' which uses some Apache internals as a PRNG. It includes
options to use a filesystem location (/dev/random for example) or an egd
(entropy daemon) source.

Can anyone tell me where nginx SSL gets its entropy from by default and
whether it can be changed?

Cheers

Dave

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Attachments:
open | download - smime.p7s (5.7 KB)
Subject Author Posted

SSL Randomness Source Attachments

Dave Barton July 14, 2010 08:16AM

Re: SSL Randomness Source

Igor Sysoev July 14, 2010 08:50AM

Re: SSL Randomness Source Attachments

Dave Barton July 14, 2010 09:04AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 141
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready