Cannot choose random device for SSL
I think that there should be an option in lighttpd to choose which pseudo-random generator the server should use: on most systems, /dev/random is insufficient for SSL usage, because although it generates high-quality random numbers, it's too slow to keep up with ssl requests. One should be able to use /dev/urandom, that generates lower quality randomness, but is far faster.
See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC4 for reference.
Updated by gstrauss over 1 year ago
- Priority changed from High to Normal
- Target version set to 1.4.x
Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions try to use /dev/urandom by default; starting with version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not available.
Modern CPUs have hardware RNGs built in.
By default, OpenSSL will use the RDRANG engine to generate random numbers if the hardware is available. The behavior has been changed, but the change is only available through git at the moment. If you are concerned with RDRANG tampering, then see the discussion of ENGINEs and RDRAND.
If you have OpenSSL 1.0.1 and a machine with 3rd generation Core i5 or i7 processor (Ivy Bridge), then the Intel Secure Key Technology (formerly called Bull Mountain) [disclaimer] is available to you.
Keeping this open as a feature request to explicitly enable specifying use of RDRANG engine with hardware RNG.
I understand this request to be asking for something similar to the Apache SSLRandomSeed directive
- Status changed from New to Missing Feedback
Modern SSL libraries should handle this.
If more explicit configuration of the SSL libraries is needed for choosing random device, then please comment here, though such a request would likely be folded into a more generic feature request surrounding SSL library configuration in general.
Also available in: Atom