-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregor,
On 12/20/11 1:53 PM, Gregor S. wrote: > On Tue, Dec 20, 2011 at 7:43 PM, Christopher Schultz > <ch...@christopherschultz.net> wrote: > >> Do you have an OpenSSL crypto provider that you'd like to use >> *besides* the software-based one? If so, that's where you'd >> specify it. > > Nope, we're just using plain OpenSSL here. Okay. At least that makes configuration straightforward. > I was just a bit afraid that the netropy generated by /dev/urandom > might be a bit weak. > > JFC also told me that builtin == OpenSSL when the APR is linked > against OpenSSL. I think APR *must* be linked against OpenSSL... that is, I don't think you can link it against... er, some other SSL library (I don't know any off-hand that exist). Yes, builtin does == software OpenSSL, unless you have compiled OpenSSL is some way to change the default engine to something else. Note that this does not change anything about the rest of your JVM -- only how the Tomcat Connector uses APR and SSL directly. Also note that on most Linux systems, the JRE is set up to use /dev/urandom as well. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7w7ecACgkQ9CaO5/Lv0PDRLACeIAcB0zSBrUraJkzeFz1jkhHm LVwAnR1eKFsJtGw45ZTxZ95d5ub09Vlp =mEBT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
