Hi, the combination of software you use works fine for me on solaris 8.
However, when using these versions, I faced the following probelm: -> apache wont start up with the option "SSLRandomSeed startup builtin" enabled. I then installed the package "ANDIrand-0.7-5.8-sparc-1.pkg" from "http://www.cosy.sbg.ac.at/~andi/"; which provides a /dev/random resp. /dev/urandom. Using this (SSLRandomSeed startup file:/dev/urandom 1024) my apache starts up fine. So: - Does OpenBSD have a /dev/urandom? -> Try using it- - If not, maybe the package I stated above is available for OpenBSD as well. Kind regards, B. Courtin BTW: For all those using mm: Please notice that there is a security bug in mm < version 1.2.1 as well which was announced on Jul 30 2002? Have a look here: Advisory: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html (CERT ID "2002-453dcert"). You can get the latest version of mm here: http://www.ossp.org/pkg/lib/mm/ -----Original Message----- From: cbenn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 7:10 PM To: [EMAIL PROTECTED] Subject: PRNG errors Hello everyone. I just upgraded my OpenSSL yesterday from 9.6c to 9.6e, then recompiled my mod_ssl-2.8.10-1.3.26 and Apache on OpenBSD 3.0. Everything seemed to go fine, but now all my https request are unable to connect. According to all the docs I've seen the error message suggest changing the "SSLRandomSeed" setting in the httpd.conf, however I've tried various setting, see the new value for the "Seeding PRNG" line in the log, but the handshake still fails with the same error message. Can anyone suggest anything else that maybe the issue. Thanks, benn ####From httpd.conf#### # Pseudo Random Number Generator (PRNG): SSLRandomSeed startup builtin SSLRandomSeed connect builtin ####From ssl_engine_log#### [31/Jul/2002 09:49:00 30490] [info] Connection to child 3 established (server www.host.com:443, client 127.0.0.1) [31/Jul/2002 09:49:00 30490] [info] Seeding PRNG with 1160 bytes of entropy [31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server www.host.com:443, client 127.0.0.1) (OpenSSL library error follows) [31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded [31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded [31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded [31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:1409B005:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:bad asn1 object header ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
