On Tue, Feb 29, 2000, Lutz Jaenicke wrote:
> > After upgrading from OpenSSL 0.9.4 to 0.9.5, I get this error when trying to
> > start apache:
> > [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key
> >
> > I can't find any information about this error.
> >
> > Here's some info about my webserver:
> > [notice] Apache/1.3.12 (Unix) PHP/3.0.15 mod_ssl/2.6.0 OpenSSL/0.9.4
> >
> > BSD/OS xenon 4.0.1 BSDI BSD/OS 4.0.1 Kernel #2: Tue Feb 22 22:50:55 PST 2000
> > pavalos@xenon:/usr/src/sys/compile/XENON i386
>
> I just experienced the same problem (but I have been prepared :-)
> OpenSSL 0.9.5 is more picky about the correct seeding of the PRNG
> (pseudo random number generator). It seems (did not check this out *) that the
> internal seed generation
> SSLRandomSeed startup builtin
> is not good enough anymore (not enough entropy bits).
Yes, the error didn't occur for me, because I'm on FreeBSD where OpenSSL
finds a /dev/urandom internally. For mod_ssl 2.6.1 I'll now complain
with a warning if too less entropy exists. Additionally the internal
seeding source now gathers more entropy.
> [...]
> Since 0.9.5 includes support for EGD, Ralf should consider including a
> SSLRandomSeed startup egd:/path/to/egd-socket
> feature into mod_ssl.
Now done. egd:/path/to/socket source is now supported in 2.6.1 if
OpenSSL version is >= 0.9.5. Thanks for the suggestions.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
