Hmm, I see. I am not sure why you did not get this right away when switching
from openssl to openssl-fips, because FIPS requires a lot of entropy,
and if this is on VMware, that has very poor entropy unless you use an entropy
generator like "*haveged*" or load the *virtio_rng* kernel module.
As I said before I am not sure how you will fix this without generating
more entropy, it seems the system is unable to create enough and
there is no way around this.


On Thu, Sep 23, 2021 at 1:15 AM alchemist vk <alchemist...@gmail.com> wrote:

> Thanks *Jon* for openssl command confirmation.
> *@ylavik*,
>      It's a Linux OS and the openssl version is 1.1.1k-fips. I have not yet
> explored SSLRandomSeed changes.
>      Yes, we upgraded openssl a few months back to 1.1.1k, but we have been
> seeing this httpd hang issue since last month.
>
> *@otis Dewitt*, since it's production code in systems, I can't install
> haveged and try it out.
>
>
> On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
> <otis.dew...@noaa.gov.invalid> wrote:
>
>>
>> I don't think "insufficient entropy" has anything to do with Apache, but
>> you could try installing "haveged" rpm.
>> That may solve your problem.
>>
>> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk <alchemist...@gmail.com>
>> wrote:
>>
>>> Hi All,
>>>  We are using httpd version 2.4.46 and it has been working fine for a long time.
>>> But recently, we started seeing an issue where apache hangs indefinitely
>>> even when the system is in idle state.
>>> And when apache hangs, I see below entries in error_log:
>>> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
>>> AH01990: Server: PRNG still contains insufficient entropy!
>>> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
>>> AH01990: Server: PRNG still contains insufficient entropy!
>>> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
>>> AH01990: Server: PRNG still contains insufficient entropy!
>>> ...
>>> ....
>>> ....
>>>
>>> I am pretty sure we have not changed anything related to httpd config for
>>> quite a time and have no idea why this issue started manifesting
>>> now.
>>> Please help me with how to RC this and what logs can be looked at to debug
>>> further?
>>>
>>> PS: Occurrence of the issue is higher on systems where FIPS is enabled. On
>>> FIPS-disabled systems, occurrence is lower.
>>>
>>> With Regards
>>> Venkat
>>>
>>>
>>>
>>>
>>>
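
A triage script for the symptoms in this thread, added here as an example and not written by any poster or taken from httpd: it counts AH01990 warnings per pid and reads the kernel's FIPS flag, its entropy estimate, and whether virtio_rng is loaded. The function names, the pid 5770 log line and the fake /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Count AH01990 warnings per httpd pid in an error_log; prints "pid count".
ah01990_by_pid() {
    awk '/AH01990/ && match($0, /\[pid [0-9]+/) {
             n[substr($0, RSTART + 5, RLENGTH - 5)]++
         }
         END { for (p in n) print p, n[p] }' "$1" | sort -n
}

# Print a single-value kernel file, or "unknown" when it cannot be read.
read_value() {
    if [ -r "$1" ]; then tr -d ' \n' < "$1"; else printf unknown; fi
}

# True when module $1 is listed in the /proc/modules-style file $2.
module_loaded() { grep -q "^$1 " "$2" 2>/dev/null; }

# One-line summary. $1 = error_log, $2 = proc root (default /proc).
# entropy_avail is the kernel's estimate in bits; recent kernels cap it at 256.
entropy_triage() {
    log=$1 proc=${2:-/proc}
    total=$(ah01990_by_pid "$log" | awk '{ s += $2 } END { print s + 0 }')
    fips=$(read_value "$proc/sys/crypto/fips_enabled")
    avail=$(read_value "$proc/sys/kernel/random/entropy_avail")
    if module_loaded virtio_rng "$proc/modules"; then vrng=yes; else vrng=no; fi
    printf 'ah01990=%s fips=%s entropy_avail=%s virtio_rng=%s\n' \
        "$total" "$fips" "$avail" "$vrng"
}

# Constructed sample: the thread's warnings on single lines, one extra line
# for an invented pid 5770, and a fake /proc tree with invented values.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/sys/crypto" "$d/proc/sys/kernel/random"
    cat > "$d/error_log" <<'EOF'
[Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888] AH01990: Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:06:01.000000 2021] [ssl:warn] [pid 5770:tid 2787111856] AH01990: Server: PRNG still contains insufficient entropy!
EOF
    echo 1 > "$d/proc/sys/crypto/fips_enabled"
    echo 38 > "$d/proc/sys/kernel/random/entropy_avail"
    : > "$d/proc/modules"
    echo "$d"
}

# Demo run against the constructed sample; on a real host call
# entropy_triage with the path to the server's error_log instead.
s=$(make_sample) && entropy_triage "$s/error_log" "$s/proc"; rm -rf "$s"
```

A virtio_rng driver built into the kernel does not appear in /proc/modules, so `virtio_rng=no` only means the loadable module is absent.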
