On Thu, Dec 20, 2001 at 10:17:13AM -0800, Doug MacEachern wrote:
> that function was derived from mod_ssl-1.xx and have learned some
> things since. i recently noticed OpenSSL internally calls
> RAND_seed(time()) during negotiation. so i was planning to remove that
> same call from modssl or at least change it to use r->request_time.
> (main goal: getting rid of time() and getpid() syscalls on every connect)
>
> since flood only seeds at startup time, might be better for you just to
> use apr_generate_random_bytes(). don't want to use that in modssl for
> 'SSLRandomSeed builtin connect', since /dev/random blocking will be too
> slow for every connect. but will probably change it to use that for
> 'SSLRandomSeed builtin startup'.

/dev/urandom won't block, so maybe we could live with that once per request and use the /dev/random for startup.

-aaron
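
The split proposed in this thread (the possibly blocking /dev/random once at startup, the non-blocking /dev/urandom per request) can be sketched as follows. This is an added example, not code from flood, mod_ssl or APR; the names `read_entropy`, `seed_source` and `gather_seed` are hypothetical, and the caller is assumed to pass the filled buffer to its own seeding call.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with exactly len bytes from an entropy
 * device. Returns 0 on success, -1 if the device cannot be opened or
 * does not deliver all requested bytes. */
int read_entropy(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;   /* short reads are normal; keep going */
        else if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal; retry */
        else
            break;              /* EOF or hard error: never use a partial seed */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* The two seeding points discussed in the thread. */
enum seed_phase { SEED_STARTUP, SEED_PER_REQUEST };

/* Startup can afford a device that may block; the per-request path
 * must not stall, so it reads the non-blocking device. */
const char *seed_source(enum seed_phase phase)
{
    return phase == SEED_STARTUP ? "/dev/random" : "/dev/urandom";
}

/* Gather len bytes of seed material for the given phase. */
int gather_seed(enum seed_phase phase, unsigned char *buf, size_t len)
{
    return read_entropy(seed_source(phase), buf, len);
}
```

A failed `gather_seed` should be treated as fatal for that seeding attempt rather than falling back to `time()` or `getpid()` values.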
