Re: SSL Randomness Source

July 14, 2010 08:50AM
On Wed, Jul 14, 2010 at 01:11:37PM +0100, Dave Barton wrote:

> We currently run nginx on the majority of our internet-facing webservers
> and we process a lot of SSL traffic. That's a lot of SSL handshakes and
> a lot of entropy required. To help with this, we've bought some USB
> pseudo-random entropy generating keys. These basically give the server a
> fast source of entropy, which can be accessed via /dev/random.
>
> In Apache, the SSL configuration includes a directive 'SSLRandomSeed'
> which allows you to define a source for randomness, with the default
> being 'builtin' which uses some Apache internals as a PRNG. It includes
> options to use a filesystem location (/dev/random for example) or an egd
> (entropy daemon) source.
>
> Can anyone tell me where nginx SSL gets its entropy from by default and
> whether it can be changed?

nginx uses the OpenSSL default entropy source. On Unix systems OpenSSL tries
to use /dev/urandom, /dev/random, /dev/srandom one after another.
On FreeBSD /dev/urandom is a symlink to /dev/random.


--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
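
To see which device a given host would offer under the lookup order described in the reply above, the following added example (not part of the original thread, and not nginx or OpenSSL code) walks the same three paths in order and reports the first one that is a readable character device, showing the symlink target where there is one. The function names `first_entropy_device` and `describe_device` are hypothetical.

```shell
#!/bin/sh
# Added example: mirrors the device order given in the reply
# (/dev/urandom, /dev/random, /dev/srandom). It only inspects the
# filesystem; it does not call into OpenSSL.
ENTROPY_CANDIDATES="/dev/urandom /dev/random /dev/srandom"

# first_entropy_device [path ...]
# Prints the first path that is a readable character device.
# With no arguments, the candidate list above is used.
# Returns 1 when none of the paths qualifies.
first_entropy_device() {
    # Intentional word splitting of the space-separated default list.
    [ "$#" -gt 0 ] || set -- $ENTROPY_CANDIDATES
    for dev in "$@"; do
        # -c follows symlinks, so a symlinked device still matches.
        if [ -c "$dev" ] && [ -r "$dev" ]; then
            printf '%s\n' "$dev"
            return 0
        fi
    done
    return 1
}

# describe_device path
# Prints "path -> target" when path is a symlink (the FreeBSD case
# mentioned in the reply), otherwise just the path.
describe_device() {
    if [ -L "$1" ]; then
        printf '%s -> %s\n' "$1" "$(readlink "$1")"
    else
        printf '%s\n' "$1"
    fi
}

# Report for the local host.
if chosen=$(first_entropy_device); then
    describe_device "$chosen"
else
    echo "no kernel random device found" >&2
fi
```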