reassign #387448 exim4-daemon-light,exim4-daemon-heavy
tags #387448 confirmed upstream help
user [EMAIL PROTECTED]
usertags #387448 gnutls
forwarded #387448 http://www.exim.org/bugzilla/show_bug.cgi?id=390
thanks

On Thu, Sep 14, 2006 at 02:57:38PM +0200, Yuri D'Elia wrote:
> I know this has been reported before to death [since gnutls is being used],
> but I will just add another twist, since I'm tired of rebuilding exim with
> OpenSSL manually.
>
> GnuTLS drains the entropy pool much more quickly than OpenSSL. On server
> systems without hardware generators, /dev/random drains very quickly, meaning
> that exim will often block. But exim should NOT block, or even wait, in
> STARTTLS.

As far as I know, exim blocks if no dh-parameters are available. The
package regenerates the dh-parameters from outside exim if the
gnutls-bin package is installed. exim4-base suggests gnutls-bin for
this reason.

> This is a bug in exim. exim should NOT block in STARTTLS. keys must be
> generated in background or by other means,

This is already been done.

> and the unavailability of data at STARTTLS should generate an
> immediate temporary failure to avoid other DOS conditions.

Forwarded upstream.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835