➢ P.S. I wonder if it's feasible to have a configuration parameter that would allow me to tell the TLS code to invoke RAND_add_ex() before generating session keys? At this point, you might as well just change the code to use getrandom() and pass it through.
Either you accept that NIST SP 90A is right, or you just bypass it completely. We’re in the first camp. But it’s open source, do what fits your needs. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev