SSL/TLS entropy problem, aka pops timeouts (was: sasl ldap problem)

Bernhard Reiter bernhard at intevation.de
Fri Nov 17 09:24:22 CET 2006


Hi Divan,

On Friday 17 November 2006 08:46, Divan Santana wrote:
> I am glad to contribute this fix back. I hope someone finds it useful.
> I think it might be kubuntu specific.
>
> http://www.kolab.org/pipermail/kolab-users/2006-February/004394.html
> mv /dev/random /dev/random.backup
> ln -s /dev/urandom /dev/random

note that doing this is likely to weaken the encryption of your SSL and TLS
connections. The applications that need higher quality entropy will use
/dev/random and might now get lower quality.

See http://en.wikipedia.org/wiki//dev/random
for the differences of /dev/random and /dev/urandom.

A better fix probably is to add a hardware entropy generator
or to find out why the entropy is empty.

> Can't believe that fixed it. I don't quite understand but at least its
> working.
>
> Now POP doesn't time out randomly etc.

If /dev/random does not have enough entropy ready it will block
and thus cause a timeout.

Bernhard

-- 
Managing Director - Owner, www.intevation.net       (Free Software Company)
Germany Coordinator, fsfeurope.org       (Non-Profit Org for Free Software)
www.kolab-konsortium.com   (Email/Groupware Solution, Professional Service)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1310 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20061117/a36ad98e/attachment.p7s>


More information about the users mailing list