Re: [users@httpd] Httpd is hanging intermittently

2021-09-25 Thread alchemist vk 
Thanks Dewitt for the links. These are very useful.
Will check with our kernel team on the instructions/points made in the
given links and will try to find a workaround to resove httpd hanging.
Thanks a lot for your help.

With Regards,
Venkatesh

On Fri, Sep 24, 2021 at 9:57 PM Otis Dewitt - NOAA Affiliate
 wrote:

> I did not find many but here are some notes for Yocto.
>
> 1.)
> http://ch.ege.io/blog/2015/05/04/using-h-slash-w-randaom-generator-on-odrod-c1-with-yocto/
> 2.)  https://wiki.yoctoproject.org/wiki/Entropy_on_Autobuilders
>
> Thanks,
> Otis
>
> On Fri, Sep 24, 2021 at 9:14 AM alchemist vk 
> wrote:
>
>> Thanks Dewitt for very thorough and insightful explanation. We are using
>> Yocto packaged linux version with openssl version being OpenSSL 1.1.1k-fips
>>  25 Mar 2021.
>>
>> With Regards,
>> Venkatesh
>>
>> On Fri, Sep 24, 2021 at 12:11 AM Otis Dewitt - NOAA Affiliate
>>  wrote:
>>
>>> No problem Venkatesh.
>>>
>>> No, I don't know how to generate entropy in Apache because I think
>>> Apache uses the system entropy.
>>> You can check how many are available via: "cat
>>> /proc/sys/kernel/random/entropy_avail".
>>>
>>> Under the system I know of two different packages, one *rngd *and the
>>> other *haveged.*
>>>
>>> The *rngd* daemon, which is a part of the rng-tools package, is capable
>>> of using both environmental noise and hardware random number generators for
>>> extracting entropy. The daemon checks whether the data supplied by the
>>> source of randomness is sufficiently random and then stores it in the
>>> kernel's random-number entropy pool. The random numbers it generates are
>>> made available through the /dev/random and /dev/urandom character
>>> devices.
>>>
>>> The *haveged *project is an attempt to provide an easy-to-use,
>>> unpredictable random number generator based upon an adaptation of the
>>> HAVEGE  algorithm. Haveged
>>> was created to remedy low-entropy conditions in the Linux random device
>>> that can occur under some workloads, especially on headless servers.
>>> Current development of haveged is directed towards improving overall
>>> reliability and adaptability while minimizing the barriers to using haveged
>>> for other tasks.
>>>
>>> What OS are you using? Redhat CentOS etc . . .
>>>
>>>
>>> On Thu, Sep 23, 2021 at 2:06 PM alchemist vk 
>>> wrote:
>>>
 Thanks Dewitt for your inputs.
 Will check from system perspective how to generate more entropy and
 resolve this issue.

 Do you know, how to generate more entropy in system or via apache so
 that it can never be deprived of entropy?

 With Regards,
 Venkatesh

 On Thu, Sep 23, 2021 at 8:46 PM Otis Dewitt - NOAA Affiliate
  wrote:

> Hmm I see, I not sure why you did not get this right away when
> switching from openssl to openssl-fips because FIPS require a lot of 
> entropy
> and if this is on VMWARE, that has very poor entropy unless you use
> entropy generator like "*haveged*" or load *virtio_rng *kernel module.
> As I said before I am not sure how you will fix this without
> generating more entropy, it seems the system is unable to create enough 
> and
> there is no way around this.
>
>
> On Thu, Sep 23, 2021 at 1:15 AM alchemist vk 
> wrote:
>
>> Thanks *Jon *for openssl command confirmation.
>> *@ylavik*,
>>  Its linux OS and openssl version is 1.1.1k-fips. I not yet
>> explored with SSLRandomSeed changes.
>>  Yes, we upgraded openssl few months back to 1.1.1k, but we are
>> seeing this httpd hangs issue from last month.
>>
>> *@otis Dewitt*, Since its production code in systems, I cant install
>> haveged and try it out.
>>
>>
>> On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
>>  wrote:
>>
>>>
>>> I don't think "insufficient entropy" has anything to do with Apache,
>>> but you could try installing "haveged" rpm.
>>> That may solve your problem.
>>>
>>> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
>>> wrote:
>>>
 Hi All,
  We are using httpd version 2.4.46 and its working fine for a long
 time. But recently, we started seeing an issue where apache hangs
 indefinitely even when the system is in idle state.
 And when apache hangs, I see below entries in error_log:
 [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid
 2644435888] AH01990: Server: PRNG still contains insufficient entropy!
 [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid
 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
 [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid
 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
 ...
 
 

 I am pretty sure, we not changed anything related to

Re: [users@httpd] Httpd is hanging intermittently

2021-09-24 Thread Otis Dewitt - NOAA Affiliate 
I did not find many but here are some notes for Yocto.

1.)
http://ch.ege.io/blog/2015/05/04/using-h-slash-w-randaom-generator-on-odrod-c1-with-yocto/
2.)  https://wiki.yoctoproject.org/wiki/Entropy_on_Autobuilders

Thanks,
Otis

On Fri, Sep 24, 2021 at 9:14 AM alchemist vk  wrote:

> Thanks Dewitt for very thorough and insightful explanation. We are using
> Yocto packaged linux version with openssl version being OpenSSL 1.1.1k-fips
>  25 Mar 2021.
>
> With Regards,
> Venkatesh
>
> On Fri, Sep 24, 2021 at 12:11 AM Otis Dewitt - NOAA Affiliate
>  wrote:
>
>> No problem Venkatesh.
>>
>> No, I don't know how to generate entropy in Apache because I think Apache
>> uses the system entropy.
>> You can check how many are available via: "cat
>> /proc/sys/kernel/random/entropy_avail".
>>
>> Under the system I know of two different packages, one *rngd *and the
>> other *haveged.*
>>
>> The *rngd* daemon, which is a part of the rng-tools package, is capable
>> of using both environmental noise and hardware random number generators for
>> extracting entropy. The daemon checks whether the data supplied by the
>> source of randomness is sufficiently random and then stores it in the
>> kernel's random-number entropy pool. The random numbers it generates are
>> made available through the /dev/random and /dev/urandom character
>> devices.
>>
>> The *haveged *project is an attempt to provide an easy-to-use,
>> unpredictable random number generator based upon an adaptation of the
>> HAVEGE  algorithm. Haveged
>> was created to remedy low-entropy conditions in the Linux random device
>> that can occur under some workloads, especially on headless servers.
>> Current development of haveged is directed towards improving overall
>> reliability and adaptability while minimizing the barriers to using haveged
>> for other tasks.
>>
>> What OS are you using? Redhat CentOS etc . . .
>>
>>
>> On Thu, Sep 23, 2021 at 2:06 PM alchemist vk 
>> wrote:
>>
>>> Thanks Dewitt for your inputs.
>>> Will check from system perspective how to generate more entropy and
>>> resolve this issue.
>>>
>>> Do you know, how to generate more entropy in system or via apache so
>>> that it can never be deprived of entropy?
>>>
>>> With Regards,
>>> Venkatesh
>>>
>>> On Thu, Sep 23, 2021 at 8:46 PM Otis Dewitt - NOAA Affiliate
>>>  wrote:
>>>
 Hmm I see, I not sure why you did not get this right away when
 switching from openssl to openssl-fips because FIPS require a lot of 
 entropy
 and if this is on VMWARE, that has very poor entropy unless you use
 entropy generator like "*haveged*" or load *virtio_rng *kernel module.
 As I said before I am not sure how you will fix this without generating
 more entropy, it seems the system is unable to create enough and
 there is no way around this.


 On Thu, Sep 23, 2021 at 1:15 AM alchemist vk 
 wrote:

> Thanks *Jon *for openssl command confirmation.
> *@ylavik*,
>  Its linux OS and openssl version is 1.1.1k-fips. I not yet
> explored with SSLRandomSeed changes.
>  Yes, we upgraded openssl few months back to 1.1.1k, but we are
> seeing this httpd hangs issue from last month.
>
> *@otis Dewitt*, Since its production code in systems, I cant install
> haveged and try it out.
>
>
> On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
>  wrote:
>
>>
>> I don't think "insufficient entropy" has anything to do with Apache,
>> but you could try installing "haveged" rpm.
>> That may solve your problem.
>>
>> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
>> wrote:
>>
>>> Hi All,
>>>  We are using httpd version 2.4.46 and its working fine for a long
>>> time. But recently, we started seeing an issue where apache hangs
>>> indefinitely even when the system is in idle state.
>>> And when apache hangs, I see below entries in error_log:
>>> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid
>>> 2644435888] AH01990: Server: PRNG still contains insufficient entropy!
>>> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid
>>> 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
>>> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid
>>> 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
>>> ...
>>> 
>>> 
>>>
>>> I am pretty sure, we not changed anything related to httpd config
>>> for quite a time time and have no idea, why this issue started getting
>>> manifested now.
>>> Please help me how to RC this and what logs can be looked to debug
>>> further?
>>>
>>> PS: Occurence of issue is more in systems where FIPS is enabled. In
>>> FIPS disabled systems, occurrence is less.
>>>
>>> With Regards
>>> Venkat
>>>
>>>
>>>
>>>
>>>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-24 Thread alchemist vk 
Thanks Dewitt for very thorough and insightful explanation. We are using
Yocto packaged linux version with openssl version being OpenSSL 1.1.1k-fips
 25 Mar 2021.

With Regards,
Venkatesh

On Fri, Sep 24, 2021 at 12:11 AM Otis Dewitt - NOAA Affiliate
 wrote:

> No problem Venkatesh.
>
> No, I don't know how to generate entropy in Apache because I think Apache
> uses the system entropy.
> You can check how many are available via: "cat
> /proc/sys/kernel/random/entropy_avail".
>
> Under the system I know of two different packages, one *rngd *and the
> other *haveged.*
>
> The *rngd* daemon, which is a part of the rng-tools package, is capable
> of using both environmental noise and hardware random number generators for
> extracting entropy. The daemon checks whether the data supplied by the
> source of randomness is sufficiently random and then stores it in the
> kernel's random-number entropy pool. The random numbers it generates are
> made available through the /dev/random and /dev/urandom character devices.
>
> The *haveged *project is an attempt to provide an easy-to-use,
> unpredictable random number generator based upon an adaptation of the
> HAVEGE  algorithm. Haveged was
> created to remedy low-entropy conditions in the Linux random device that
> can occur under some workloads, especially on headless servers. Current
> development of haveged is directed towards improving overall reliability
> and adaptability while minimizing the barriers to using haveged for other
> tasks.
>
> What OS are you using? Redhat CentOS etc . . .
>
>
> On Thu, Sep 23, 2021 at 2:06 PM alchemist vk 
> wrote:
>
>> Thanks Dewitt for your inputs.
>> Will check from system perspective how to generate more entropy and
>> resolve this issue.
>>
>> Do you know, how to generate more entropy in system or via apache so that
>> it can never be deprived of entropy?
>>
>> With Regards,
>> Venkatesh
>>
>> On Thu, Sep 23, 2021 at 8:46 PM Otis Dewitt - NOAA Affiliate
>>  wrote:
>>
>>> Hmm I see, I not sure why you did not get this right away when switching
>>> from openssl to openssl-fips because FIPS require a lot of entropy
>>> and if this is on VMWARE, that has very poor entropy unless you use
>>> entropy generator like "*haveged*" or load *virtio_rng *kernel module.
>>> As I said before I am not sure how you will fix this without generating
>>> more entropy, it seems the system is unable to create enough and
>>> there is no way around this.
>>>
>>>
>>> On Thu, Sep 23, 2021 at 1:15 AM alchemist vk 
>>> wrote:
>>>
 Thanks *Jon *for openssl command confirmation.
 *@ylavik*,
  Its linux OS and openssl version is 1.1.1k-fips. I not yet
 explored with SSLRandomSeed changes.
  Yes, we upgraded openssl few months back to 1.1.1k, but we are
 seeing this httpd hangs issue from last month.

 *@otis Dewitt*, Since its production code in systems, I cant install
 haveged and try it out.


 On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
  wrote:

>
> I don't think "insufficient entropy" has anything to do with Apache,
> but you could try installing "haveged" rpm.
> That may solve your problem.
>
> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
> wrote:
>
>> Hi All,
>>  We are using httpd version 2.4.46 and its working fine for a long
>> time. But recently, we started seeing an issue where apache hangs
>> indefinitely even when the system is in idle state.
>> And when apache hangs, I see below entries in error_log:
>> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid
>> 2644435888] AH01990: Server: PRNG still contains insufficient entropy!
>> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid
>> 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
>> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid
>> 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
>> ...
>> 
>> 
>>
>> I am pretty sure, we not changed anything related to httpd config for
>> quite a time time and have no idea, why this issue started getting
>> manifested now.
>> Please help me how to RC this and what logs can be looked to debug
>> further?
>>
>> PS: Occurence of issue is more in systems where FIPS is enabled. In
>> FIPS disabled systems, occurrence is less.
>>
>> With Regards
>> Venkat
>>
>>
>>
>>
>>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread Otis Dewitt - NOAA Affiliate 
No problem Venkatesh.

No, I don't know how to generate entropy in Apache because I think Apache
uses the system entropy.
You can check how many are available via: "cat
/proc/sys/kernel/random/entropy_avail".

Under the system I know of two different packages, one *rngd *and the other
*haveged.*

The *rngd* daemon, which is a part of the rng-tools package, is capable of
using both environmental noise and hardware random number generators for
extracting entropy. The daemon checks whether the data supplied by the
source of randomness is sufficiently random and then stores it in the
kernel's random-number entropy pool. The random numbers it generates are
made available through the /dev/random and /dev/urandom character devices.

The *haveged *project is an attempt to provide an easy-to-use,
unpredictable random number generator based upon an adaptation of the HAVEGE
 algorithm. Haveged was created
to remedy low-entropy conditions in the Linux random device that can occur
under some workloads, especially on headless servers. Current development
of haveged is directed towards improving overall reliability and
adaptability while minimizing the barriers to using haveged for other tasks.

What OS are you using? Redhat CentOS etc . . .


On Thu, Sep 23, 2021 at 2:06 PM alchemist vk  wrote:

> Thanks Dewitt for your inputs.
> Will check from system perspective how to generate more entropy and
> resolve this issue.
>
> Do you know, how to generate more entropy in system or via apache so that
> it can never be deprived of entropy?
>
> With Regards,
> Venkatesh
>
> On Thu, Sep 23, 2021 at 8:46 PM Otis Dewitt - NOAA Affiliate
>  wrote:
>
>> Hmm I see, I not sure why you did not get this right away when switching
>> from openssl to openssl-fips because FIPS require a lot of entropy
>> and if this is on VMWARE, that has very poor entropy unless you use
>> entropy generator like "*haveged*" or load *virtio_rng *kernel module.
>> As I said before I am not sure how you will fix this without generating
>> more entropy, it seems the system is unable to create enough and
>> there is no way around this.
>>
>>
>> On Thu, Sep 23, 2021 at 1:15 AM alchemist vk 
>> wrote:
>>
>>> Thanks *Jon *for openssl command confirmation.
>>> *@ylavik*,
>>>  Its linux OS and openssl version is 1.1.1k-fips. I not yet explored
>>> with SSLRandomSeed changes.
>>>  Yes, we upgraded openssl few months back to 1.1.1k, but we are
>>> seeing this httpd hangs issue from last month.
>>>
>>> *@otis Dewitt*, Since its production code in systems, I cant install
>>> haveged and try it out.
>>>
>>>
>>> On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
>>>  wrote:
>>>

 I don't think "insufficient entropy" has anything to do with Apache,
 but you could try installing "haveged" rpm.
 That may solve your problem.

 On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
 wrote:

> Hi All,
>  We are using httpd version 2.4.46 and its working fine for a long
> time. But recently, we started seeing an issue where apache hangs
> indefinitely even when the system is in idle state.
> And when apache hangs, I see below entries in error_log:
> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
> AH01990: Server: PRNG still contains insufficient entropy!
> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
> ...
> 
> 
>
> I am pretty sure, we not changed anything related to httpd config for
> quite a time time and have no idea, why this issue started getting
> manifested now.
> Please help me how to RC this and what logs can be looked to debug
> further?
>
> PS: Occurence of issue is more in systems where FIPS is enabled. In
> FIPS disabled systems, occurrence is less.
>
> With Regards
> Venkat
>
>
>
>
>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread alchemist vk 
Thanks Dewitt for your inputs.
Will check from system perspective how to generate more entropy and resolve
this issue.

Do you know, how to generate more entropy in system or via apache so that
it can never be deprived of entropy?

With Regards,
Venkatesh

On Thu, Sep 23, 2021 at 8:46 PM Otis Dewitt - NOAA Affiliate
 wrote:

> Hmm I see, I not sure why you did not get this right away when switching
> from openssl to openssl-fips because FIPS require a lot of entropy
> and if this is on VMWARE, that has very poor entropy unless you use
> entropy generator like "*haveged*" or load *virtio_rng *kernel module.
> As I said before I am not sure how you will fix this without generating
> more entropy, it seems the system is unable to create enough and
> there is no way around this.
>
>
> On Thu, Sep 23, 2021 at 1:15 AM alchemist vk 
> wrote:
>
>> Thanks *Jon *for openssl command confirmation.
>> *@ylavik*,
>>  Its linux OS and openssl version is 1.1.1k-fips. I not yet explored
>> with SSLRandomSeed changes.
>>  Yes, we upgraded openssl few months back to 1.1.1k, but we are
>> seeing this httpd hangs issue from last month.
>>
>> *@otis Dewitt*, Since its production code in systems, I cant install
>> haveged and try it out.
>>
>>
>> On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
>>  wrote:
>>
>>>
>>> I don't think "insufficient entropy" has anything to do with Apache, but
>>> you could try installing "haveged" rpm.
>>> That may solve your problem.
>>>
>>> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
>>> wrote:
>>>
 Hi All,
  We are using httpd version 2.4.46 and its working fine for a long
 time. But recently, we started seeing an issue where apache hangs
 indefinitely even when the system is in idle state.
 And when apache hangs, I see below entries in error_log:
 [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
 AH01990: Server: PRNG still contains insufficient entropy!
 [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
 AH01990: Server: PRNG still contains insufficient entropy!
 [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
 AH01990: Server: PRNG still contains insufficient entropy!
 ...
 
 

 I am pretty sure, we not changed anything related to httpd config for
 quite a time time and have no idea, why this issue started getting
 manifested now.
 Please help me how to RC this and what logs can be looked to debug
 further?

 PS: Occurence of issue is more in systems where FIPS is enabled. In
 FIPS disabled systems, occurrence is less.

 With Regards
 Venkat

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread Otis Dewitt - NOAA Affiliate 
Hmm I see, I not sure why you did not get this right away when switching
from openssl to openssl-fips because FIPS require a lot of entropy
and if this is on VMWARE, that has very poor entropy unless you use entropy
generator like "*haveged*" or load *virtio_rng *kernel module.
As I said before I am not sure how you will fix this without generating
more entropy, it seems the system is unable to create enough and
there is no way around this.


On Thu, Sep 23, 2021 at 1:15 AM alchemist vk  wrote:

> Thanks *Jon *for openssl command confirmation.
> *@ylavik*,
>  Its linux OS and openssl version is 1.1.1k-fips. I not yet explored
> with SSLRandomSeed changes.
>  Yes, we upgraded openssl few months back to 1.1.1k, but we are seeing
> this httpd hangs issue from last month.
>
> *@otis Dewitt*, Since its production code in systems, I cant install
> haveged and try it out.
>
>
> On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
>  wrote:
>
>>
>> I don't think "insufficient entropy" has anything to do with Apache, but
>> you could try installing "haveged" rpm.
>> That may solve your problem.
>>
>> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
>> wrote:
>>
>>> Hi All,
>>>  We are using httpd version 2.4.46 and its working fine for a long time.
>>> But recently, we started seeing an issue where apache hangs indefinitely
>>> even when the system is in idle state.
>>> And when apache hangs, I see below entries in error_log:
>>> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
>>> AH01990: Server: PRNG still contains insufficient entropy!
>>> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
>>> AH01990: Server: PRNG still contains insufficient entropy!
>>> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
>>> AH01990: Server: PRNG still contains insufficient entropy!
>>> ...
>>> 
>>> 
>>>
>>> I am pretty sure, we not changed anything related to httpd config for
>>> quite a time time and have no idea, why this issue started getting
>>> manifested now.
>>> Please help me how to RC this and what logs can be looked to debug
>>> further?
>>>
>>> PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
>>> disabled systems, occurrence is less.
>>>
>>> With Regards
>>> Venkat
>>>
>>>
>>>
>>>
>>>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread alchemist vk 
Thanks *Jon *for openssl command confirmation.
*@ylavik*,
 Its linux OS and openssl version is 1.1.1k-fips. I not yet explored
with SSLRandomSeed changes.
 Yes, we upgraded openssl few months back to 1.1.1k, but we are seeing
this httpd hangs issue from last month.

*@otis Dewitt*, Since its production code in systems, I cant install
haveged and try it out.


On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
 wrote:

>
> I don't think "insufficient entropy" has anything to do with Apache, but
> you could try installing "haveged" rpm.
> That may solve your problem.
>
> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
> wrote:
>
>> Hi All,
>>  We are using httpd version 2.4.46 and its working fine for a long time.
>> But recently, we started seeing an issue where apache hangs indefinitely
>> even when the system is in idle state.
>> And when apache hangs, I see below entries in error_log:
>> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
>> AH01990: Server: PRNG still contains insufficient entropy!
>> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
>> AH01990: Server: PRNG still contains insufficient entropy!
>> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
>> AH01990: Server: PRNG still contains insufficient entropy!
>> ...
>> 
>> 
>>
>> I am pretty sure, we not changed anything related to httpd config for
>> quite a time time and have no idea, why this issue started getting
>> manifested now.
>> Please help me how to RC this and what logs can be looked to debug
>> further?
>>
>> PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
>> disabled systems, occurrence is less.
>>
>> With Regards
>> Venkat
>>
>>
>>
>>
>>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Otis Dewitt - NOAA Affiliate 
I don't think "insufficient entropy" has anything to do with Apache, but
you could try installing "haveged" rpm.
That may solve your problem.

On Wed, Sep 22, 2021 at 2:11 PM alchemist vk  wrote:

> Hi All,
>  We are using httpd version 2.4.46 and its working fine for a long time.
> But recently, we started seeing an issue where apache hangs indefinitely
> even when the system is in idle state.
> And when apache hangs, I see below entries in error_log:
> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
> AH01990: Server: PRNG still contains insufficient entropy!
> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
> ...
> 
> 
>
> I am pretty sure, we not changed anything related to httpd config for
> quite a time time and have no idea, why this issue started getting
> manifested now.
> Please help me how to RC this and what logs can be looked to debug further?
>
> PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
> disabled systems, occurrence is less.
>
> With Regards
> Venkat
>
>
>
>
>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Yann Ylavic 
On Wed, Sep 22, 2021 at 8:12 PM alchemist vk  wrote:
>
> I am pretty sure, we not changed anything related to httpd config for quite a 
> time time and have no idea, why this issue started getting manifested now.

Which operating system and openssl version are you using? Did you
upgrade openssl recently?
What are your SSLRandomSeed settings?


Regards;
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org