Feature #1474

Cannot choose random device for SSL

Added by Anonymous about 10 years ago. Updated about 1 month ago.

Status: Missing Feedback
Priority: Low
Assignee: -
Category: TLS
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x:

Description

I think that there should be an option in lighttpd to choose which pseudo-random generator the server should use: on most systems, /dev/random is insufficient for SSL usage, because although it generates high-quality random numbers, it's too slow to keep up with ssl requests. One should be able to use /dev/urandom, that generates lower quality randomness, but is far faster.

See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC4 for reference.

-- me

History

#1

Updated by Anonymous about 10 years ago

On OpenBSD this should be /dev/arandom.

#2

Updated by gstrauss over 1 year ago

  • Tracker changed from Bug to Feature
  • Description updated (diff)
  • Assignee deleted (jan)
  • Priority changed from Normal to High
  • Target version deleted (1.5.0)

Not a bug. This is a feature request, albeit a good one.

#3

Updated by gstrauss over 1 year ago

  • Category changed from core to TLS

(moving to TLS category, though there are other modules that use /dev/random and probably should have an option to use other RNGs)

#4

Updated by gstrauss about 1 year ago

  • Priority changed from High to Normal
  • Target version set to 1.4.x

https://www.openssl.org/docs/faq.html

Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions try to use /dev/urandom by default; starting with version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not available.

Modern CPUs have hardware RNGs built in.

https://wiki.openssl.org/index.php/Random_Numbers

By default, OpenSSL will use the RDRAND engine to generate random numbers if the hardware is available. The behavior has been changed, but the change is only available through git at the moment. If you are concerned with RDRAND tampering, then see the discussion of ENGINEs and RDRAND.

If you have OpenSSL 1.0.1 and a machine with 3rd generation Core i5 or i7 processor (Ivy Bridge), then the Intel Secure Key Technology (formerly called Bull Mountain) [disclaimer] is available to you.

https://wiki.openssl.org/index.php/Library_Initialization#ENGINEs_and_RDRAND

.

Keeping this open as a feature request to explicitly enable specifying use of RDRAND engine with hardware RNG.
I understand this request to be asking for something similar to the Apache SSLRandomSeed directive
https://httpd.apache.org/docs/current/en/mod/mod_ssl.html#sslrandomseed

#5

Updated by gstrauss 12 months ago

  • Priority changed from Normal to Low

#6

Updated by gstrauss about 1 month ago

  • Status changed from New to Missing Feedback

Modern SSL libraries should handle this.

If more explicit configuration of the SSL libraries is needed for choosing random device, then please comment here, though such a request would likely be folded into a more generic feature request surrounding SSL library configuration in general.
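
An added illustration, not part of the tracker thread and not lighttpd code: one way a server could read seed bytes from a configurable random device such as the /dev/urandom or /dev/arandom paths discussed above, failing closed when the path is not a character device or yields too few bytes. The helper name `read_seed` and the 32-byte seed size are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not lighttpd code): fill buf with len bytes from the
 * configured random device. Returns 0 on success, -1 on any failure, so the
 * caller can refuse to start TLS instead of running with a weak seed. */
int read_seed(const char *dev, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(dev, O_RDONLY | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* A mistyped path must not silently seed from a regular file. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;        /* short reads are normal: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                /* interrupted by a signal: retry */
        else
            break;                   /* EOF (e.g. /dev/null) or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/urandom";
    unsigned char seed[32];          /* assumed seed size for the example */
    if (read_seed(dev, seed, sizeof seed) != 0) {
        fprintf(stderr, "cannot seed from %s\n", dev);
        return 1;
    }
    /* A server would hand seed to its TLS library here (OpenSSL: RAND_add). */
    printf("read %zu seed bytes from %s\n", sizeof seed, dev);
    return 0;
}
```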
