SSL Randomness Source
Dave Barton
dave.barton at comodo.com
Wed Jul 14 16:11:37 MSD 2010
We currently run nginx on the majority of our internet-facing webservers
and we process a lot of SSL traffic. That's a lot of SSL handshakes and
a lot of entropy required. To help with this, we've bought some USB
pseudo-random entropy generating keys. These basically give the server a
fast source of entropy, which can be accessed via /dev/random.

In Apache, the SSL configuration includes a directive 'SSLRandomSeed'
which allows you to define a source for randomness, with the default
being 'builtin' which uses some Apache internals as a PRNG. It includes
options to use a filesystem location (/dev/random for example) or an egd
(entropy daemon) source.

Can anyone tell me where nginx SSL gets its entropy from by default and
whether it can be changed?

Cheers
Dave
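
Added example, not part of the original post: how the Apache SSLRandomSeed directive described above is written in httpd's server configuration, with the builtin, file and egd sources side by side. The byte counts and the EGD socket path are illustrative assumptions.

```apache
# mod_ssl syntax: SSLRandomSeed <context> <source> [bytes]
# Server-wide directive (set outside any <VirtualHost>). It may be
# repeated, so several sources can feed the same context.

# "startup" context: seed the OpenSSL PRNG once, when httpd starts.
SSLRandomSeed startup builtin
# Byte count below is an illustrative value.
SSLRandomSeed startup file:/dev/urandom 512

# "connect" context: mix in fresh seed data for every new SSL connection.
SSLRandomSeed connect builtin

# Filesystem source read per connection. On kernels where /dev/random
# blocks, this read can stall a handshake until entropy is available,
# so a byte count keeps each read small. Byte count is illustrative.
#SSLRandomSeed connect file:/dev/random 64

# Entropy daemon source. The socket path is a placeholder.
#SSLRandomSeed connect egd:/path/to/egd-socket
```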