SSL/TLS entropy problem, aka pops timeouts (was: sasl ldap problem)

Stéphane Konstantaropoulos skonstant at sgul.ac.uk
Fri Nov 17 14:30:18 CET 2006


On Friday 17 Nov 2006 08:24, Bernhard Reiter wrote:
> Hi Divan,
>
> On Friday 17 November 2006 08:46, Divan Santana wrote:
> > I am glad to contribute this fix back. I hope someone finds it useful.
> > I think it might be kubuntu specific.
> >
> > http://www.kolab.org/pipermail/kolab-users/2006-February/004394.html
> > mv /dev/random /dev/random.backup
> > ln -s /dev/urandom /dev/random
>
> Note that doing this is likely to weaken the encryption of your SSL and TLS
> connections. The applications that need higher quality entropy will use
> /dev/random and might now get lower quality.
>
> See http://en.wikipedia.org/wiki//dev/random
> for the differences of /dev/random and /dev/urandom.
>
> A better fix probably is to add a hardware entropy generator
> or to find out why the entropy is empty.
>
> > Can't believe that fixed it. I don't quite understand but at least it's
> > working.
> >
> > Now POP doesn't time out randomly etc.
>
> If /dev/random does not have enough entropy ready it will block
> and thus cause a timeout.
>
> Bernhard

Right, so use /dev/hw_random if you want good quality and high speed at the 
same time; all recent Intel, AMD and VIA processors have such a device.

You need to load the hw_random module, or amd-rng or intel-rng on newer kernels.

(add the modprobe command to your init scripts and you'll be sorted)

-- 
Stéphane Konstantaropoulos <skonstant at sgul.ac.uk>
-- Web Developer - Computing Services
--- St George's University of London
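
The checks raised in this thread (has /dev/random been replaced by a link, how much entropy does the kernel report, is a hardware RNG device present), as an added shell example that is not part of the original messages. It assumes Linux; the /proc/sys/kernel/random/entropy_avail path, the /dev/hwrng device name used by later kernels, and the 200-bit threshold are assumptions not taken from the thread.

```shell
#!/bin/sh
# Added example: audit the random devices discussed in the thread.
# Paths are passed as arguments so each check can be pointed at test files.

# Report what a random device path really is. "symlink:<target>" means it
# was replaced by a link, as in the quoted /dev/urandom workaround.
classify_random_dev() {
    dev=$1
    if [ -L "$dev" ]; then
        printf 'symlink:%s\n' "$(readlink "$dev")"
    elif [ -c "$dev" ]; then
        echo chardev
    elif [ -e "$dev" ]; then
        echo other
    else
        echo missing
    fi
}

# Compare the kernel's entropy estimate (in bits) with a minimum.
# Prints low:<n>, ok:<n>, or unknown if the file is absent or not numeric.
entropy_state() {
    file=$1
    min=$2
    if [ ! -r "$file" ]; then echo unknown; return 0; fi
    avail=$(cat "$file")
    case $avail in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$avail" -lt "$min" ]; then echo "low:$avail"; else echo "ok:$avail"; fi
}

# Print the first hardware RNG device that exists among the candidates.
find_hwrng() {
    for d in "$@"; do
        if [ -e "$d" ]; then echo "$d"; return 0; fi
    done
    echo none
}

report() {
    # 200 bits is an assumed threshold; /dev/hwrng is an assumed device name.
    echo "/dev/random: $(classify_random_dev /dev/random)"
    echo "entropy:     $(entropy_state /proc/sys/kernel/random/entropy_avail 200)"
    echo "hw rng:      $(find_hwrng /dev/hwrng /dev/hw_random)"
}
report
```

A `symlink:/dev/urandom` result on the first line shows the workaround is still in place on that host.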