How does nginx handle random seed for ssl connections?
Igor Sysoev
is at rambler-co.ru
Tue Aug 5 09:51:06 MSD 2008
On Tue, Aug 05, 2008 at 12:42:45AM +0200, Alexander Piavlo wrote:
> Is there a apache's SSLRandomSeed alternative in nginx?
> I just want to make nginx use specific device like /dev/urandom or
> /dev/random. All i could see that nginx code uses srandom() a pseudo
> random generator.
There is no SSLRandomSeed like directive, but it can be easily added.
nginx does not use srandom() for OpenSSL, it relies on OpenSSL default
random seeding. On Unix platforms OpenSSL tries "/dev/urandom",
"/dev/random", and "/dev/srandom". Therefore SSLRandomSeed is required only
for platforms that have no /dev/*random.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list