[gnutls-dev] gnutls_rsa_params_init hangs. Is regenerating rsa-params on

From: Andreas Metzler
Subject: [gnutls-dev] gnutls_rsa_params_init hangs. Is regenerating rsa-params once a day too frequent?
Date: Tue, 14 Dec 2004 12:03:21 +0100
User-agent: Mutt/1.5.6+20040907i

exim4 uses gnutls for TLS/SSL and we (on Debian) have chosen to
configure it to regenerate rsa and dh params once a day. However
promptly after this change we received a bug-report[1] telling us that
exim just hangs. Further analysis showed that

gnutls_rsa_params_generate2(rsa_params, 512);

got stuck on his system, waiting indefinitely for new data to appear
in /dev/random.

I am a little bit at a loss on how to deal with this. Is "once a day"
too frequent as a default value?

Can (Should) gnutls_rsa_params_generate2 deal more gracefully with
systems with little data in /dev/random (by using urandom after a
timeout or supporting alternative entropy gathering devices?)

Is exim faulty for running gnutls_rsa_params_generate2 while handling
an incoming connection? (Not faulty as in "not optimal" but as in
"the stupidest idea I've ever heard of, everybody using gnutls seriously
knows that you put running gnutls_rsa_params_generate2 in a separate
little thread/program")

The bug submitter is running Linux kernel 2.6.8-something if that is
of any help.
          thanks, cu andreas
[1] <>. 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
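
An added example, not part of the original message and not exim or GnuTLS code: one way to keep a connection handler from waiting indefinitely on the parameter generation described above is to run it in a child process with a deadline and keep the old parameters if it misses. The names `generate_with_deadline`, `param_gen_fn`, `fast_gen` and `stuck_gen` are hypothetical, and the two generators are constructed stand-ins for a call such as `gnutls_rsa_params_generate2`.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical generator type: fills buf, returns bytes written or -1.
 * In a daemon it would wrap gnutls_rsa_params_generate2() plus an export. */
typedef ssize_t (*param_gen_fn)(unsigned char *buf, size_t len);

/* Constructed stand-ins: one finishes at once, one blocks like a starved
 * /dev/random read. */
static ssize_t fast_gen(unsigned char *b, size_t n) { memset(b, 0xA5, n); return (ssize_t)n; }
static ssize_t stuck_gen(unsigned char *b, size_t n) { (void)b; (void)n; pause(); return -1; }

/* Run gen() in a child process. Returns bytes received, or -1 if the child
 * failed or produced nothing within timeout_ms (caller keeps old params). */
ssize_t generate_with_deadline(param_gen_fn gen, unsigned char *out,
                               size_t len, int timeout_ms)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          /* child: allowed to block */
        unsigned char buf[512];
        close(fds[0]);
        ssize_t n = gen(buf, len < sizeof buf ? len : sizeof buf);
        _exit(n > 0 && write(fds[1], buf, (size_t)n) == n ? 0 : 1);
    }
    close(fds[1]);
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    ssize_t got = -1;
    if (poll(&p, 1, timeout_ms) > 0 && (p.revents & POLLIN))
        got = read(fds[0], out, len);
    if (got <= 0) { kill(pid, SIGKILL); got = -1; }   /* deadline missed */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void)
{
    unsigned char params[64];
    printf("fast:  %zd\n", generate_with_deadline(fast_gen, params, sizeof params, 2000));
    printf("stuck: %zd\n", generate_with_deadline(stuck_gen, params, sizeof params, 200));
    return 0;
}
```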
