Re: [SSI-devel] Apache gets stuck on startup

[John B. <joh...@hp...>]

Roger Tsang wrote:
>>#   block. So, if available, use this one instead. Read the mod_ssl User
>>#   Manual for more details.
>>SSLRandomSeed startup file:/dev/urandom  256
>>SSLRandomSeed connect builtin
>>#SSLRandomSeed startup file:/dev/random  512
>>#SSLRandomSeed connect file:/dev/random  512
>>#SSLRandomSeed connect file:/dev/urandom 512
>>
>>As you can see, the "out-of-the-box" setup on my system uses urandom to
>>initialize and the builtin PRNG for ongoing connections. From the
>>comment, it might be okay to use /dev/random to for startup, but using
>>it for connections would be bad.
>>
>>Once I set my httpd to use /dev/random, I could produce the hang. I
>>could also get past it by doing "onnode 3 ls" a couple of times; so the
>>hooks in ICS are apparently working. I'm really not sure what to do to
>>provide more "entropy" on the client nodes, so for the moment use
>>/dev/urandom.
>>
>>John Byrne
>>
> 
> 
> Good point.  I'll try the new default ssl options.  I suppose you may
> be curious what I have in my config.  It probably inherited the older
> Apache ssl defaults from way back in stone age - not that this
> particular section needed change earlier.
> 
> #   it requires to make more entropy available). But usually those
> #   platforms additionally provide a /dev/urandom device which doesn't
> #   block. So, if available, use this one instead. Read the mod_ssl User
> #   Manual for more details.
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random  512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random  512
> #SSLRandomSeed connect file:/dev/urandom 512
> 
> -Roger
> 

I am confused. I don't see why apache used /dev/random for SSL since it 
says builtin for startup and connect. Maybe the problem is in some other 
module: look for /dev/random in the other conf files in the directory.

John