Greetings!
Has anyone checked whether the bug found in the PRNG in the Debian distro last May (http://www.debian.org/security/2008/dsa-1571) affected the uniqueness of the session IDs generated by OpenSSL? The code that generates the session ID seems to be using the md_rand.c that had the lines commented out, but perhaps someone has already invested some time in this, so I won't have to make sure J. Thanks! -- Dmitry Rubinstein
