Re: [Exim] Exim 4.12, GnuTLS & Entropy ...

Author: Sander Smeenk
Date:  
To: exim-users
Subject: Re: [Exim] Exim 4.12, GnuTLS & Entropy ...
Quoting Philip Hazel (ph10@???):

> > I have successfully built Exim 4.12 with GnuTLS (0.8.1) but for some
> > reason this Exim is incapable of getting enough entropy no matter what I
> > do on my system, it seems like it doesn't check for new random bytes...
> I suspect you may be the first real user to try Exim with GnuTLS.
> Support for GnuTLS was a very recent addition. I tested it myself, and
> it seemed to work, but I am pretty ignorant about it.


It seems there is nothing wrong with your GnuTLS implementation (I never
implied that either ;)).

On the system I was testing Exim 4.12 with GnuTLS on, I run kernel
2.5.53. I just tested an older 2.4.x kernel and it works with that one.
So it *has* to be the kernel not seeding or not supporting /dev/random...

What makes me wonder is that OpenSSL uses /dev/urandom, and libgcrypt uses
/dev/random by default unless you specify --disable-dev-random at
compile time...

[ exim not creating gnutls.params ]
> I don't recall any problems with that on my system (Solaris 8). I
> installed /dev/random so that I could test it, and although it grumbled
> once about lack of entropy (this is a very quiet system), it mostly
> seemed to work.


Yeah. On normal systems there should at least be enough entropy to seed
Exim's params file, or any other file for that matter. That's why I was
so amazed by it not getting 300 bytes of data ...

So it's the kernel, and not Exim! *yay* :)

Thanks,
Sander.

--
| Showering in clothes shows you're crazy. Showering nude shows your nuts.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
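
A way to check the symptom discussed in this message (the kernel's /dev/random not delivering the 300 bytes mentioned above), as an added example that is not part of the original post and is not Exim or libgcrypt code. The function name `probe_random` and the timeout values are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Try to collect `want` bytes (max 512) from `path` without blocking
 * forever. Each wait for data is limited to `timeout_ms`. Returns the
 * number of bytes obtained (possibly fewer than `want`), or -1 if the
 * device cannot be opened. */
long probe_random(const char *path, size_t want, int timeout_ms)
{
    unsigned char buf[512];
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (want > sizeof buf)
        want = sizeof buf;

    while (got < want) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);
        if (r == 0)
            break;                      /* timed out: pool is not delivering */
        if (r < 0) {
            if (errno == EINTR) continue;
            break;
        }
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) got += (size_t)n;    /* short reads are normal here */
        else if (n < 0 && (errno == EAGAIN || errno == EINTR)) continue;
        else break;
    }
    close(fd);
    return (long)got;
}

int main(void)
{
    const char *devs[] = { "/dev/random", "/dev/urandom" };
    for (int i = 0; i < 2; i++) {
        long n = probe_random(devs[i], 300, 2000);
        if (n < 0) printf("%s: cannot open\n", devs[i]);
        else printf("%s: got %ld of 300 bytes\n", devs[i], n);
    }
    return 0;
}
```

A /dev/random result well below 300 while /dev/urandom returns the full amount points at the kernel's blocking pool rather than at the application reading from it.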