Full_Name: EKR Version: 2.8.8-1.3.24 OS: NT 4.0 Submission from: (NULL) (198.144.203.242)
ssl_engine_rand.c:ssl_rand_seed() fopens the random file in text mode. On Unix this is fine but on Windows this means that it will stop as soon as it sees an EOD in the file. Since the random file is often random binary data, this means that with high probability the entire file will not be read. This can lead to insufficient amounts of entropy being delivered to OpenSSL. The fix is to change: if ((fp = ap_pfopen(p, pRandSeed->cpPath, "r")) == NULL) continue; to: if ((fp = ap_pfopen(p, pRandSeed->cpPath, "rb")) == NULL) continue; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]