SSL Randomness Source

Dave Barton dave.barton at comodo.com
Wed Jul 14 16:11:37 MSD 2010


We currently run nginx on the majority of our internet-facing webservers 
and we process a lot of SSL traffic. That's a lot of SSL handshakes and 
a lot of entropy required. To help with this, we've bought some USB 
pseudo-random entropy generating keys. These basically give the server a 
fast source of entropy, which can be accessed via /dev/random.

In Apache, the SSL configuration includes a directive 'SSLRandomSeed' 
which allows you to define a source for randomness, with the default 
being 'builtin' which uses some Apache internals as a PRNG. It includes 
options to use a filesystem location (/dev/random for example) or an egd 
(entropy daemon) source.

Can anyone tell me where nginx SSL gets its entropy from by default and 
whether it can be changed?

Cheers

Dave
