On Thu, 20 Dec 2001, Justin Erenkrantz wrote:
> FWIW, DougM submitted this function to flood to generate OpenSSL
> entropy. I'd almost suggest somehow factoring this into apr-util
> since flood needs this too (and doesn't have a scoreboard).

that function was derived from mod_ssl-1.xx and i have learned some things since. i recently noticed OpenSSL internally calls RAND_seed(time()) during negotiation. so i was planning to remove that same call from modssl or at least change it to use r->request_time. (main goal: getting rid of time() and getpid() syscalls on every connect)

since flood only seeds at startup time, might be better for you just to use apr_generate_random_bytes(). don't want to use that in modssl for 'SSLRandomSeed builtin connect', since /dev/random blocking will be too slow for every connect. but will probably change it to use that for 'SSLRandomSeed builtin startup'.
