You should initialize ensure the PRNG has enough entropy long before you try to call SSL_connect().
> hi, > > i found a big performace problem with ssl_connect(). I WOULDN'T CALL IT A > REAL BUG, BUT IT COULD BE A BIG PROBLEM !!! > i integrated openssl inside my application and the ssl handshake needs more > than 30 seconds. on the same system but under win95 it just takes 5 seconds. > the problem seems to be inside the \crypto\rand\rand-win.c file. the > function rand_poll() enumerates all threads, processes, modules and heaps to > get the entropy of the system. > this way may be very save for creating a good random seed, but imagine if > there are a lot more of other processes and threads running beside openssl. > rand_poll() doesn't stops enumerating until all processes (and so on) are > touched. > normaly there are 100 threads, 30 processes, 50 modules and 10 heaplists > 'running' on my system (win2000) and the ssl handshake takes less than 2 > seconds. > inside my application there are 247 threads, 46 processes, 107 modules and > 22 heaplists 'running' and the ssl handshake time grows up to 30 seconds. > my suggestion is to build in an counter for all of these values and stop > enumerating after each counter is on a specified max value. > please think about it or prove me wrong. > > rené > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia University includes Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. Interfaces with OpenSSH ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
