[exim] TLS / Entropy

Inizio della pagina
Delete this message
Reply to this message
Autore: Sander Smeenk
Data:  
To: exim-users
Oggetto: [exim] TLS / Entropy
Hello,

I'm a keen Exim4 user (4.54, 4.60, Debian, monolithic config) and I'd
like to use TLS as much as possible. Not to authenticate senders, but
just to encrypt transfers between servers.

Yet, i notice that my server(s) lack entropy, or, i think that's the
case. My users are complaining that it takes ages before their mail is
delivered, and when inspecting the queue at such moments, it turns out
that the deliveries that stall all use TLS...

I have only seen this happen between exim4 <-> exim4, but that's mainly
because my users send mail internally and complain if the message isn't
there the second after they hit SEND. Remote receivers usually don't
complain if a message was delayed...

Now i remember, in the past i had the same entropy problems. I believe
that TLS was then switched to use /dev/urandom (which always has random
data, in contrary to /dev/random), but that's a long time ago, and it
probably has changed back again (because /dev/random should be *REALLY
RANDOM* while /dev/urandom could be predicted, they say).

And then i started wondering...

How does the rest of the world create all the entropy on their servers?
Are others also seeing this delay in TLS deliveries or is it a necessary
evil which comes with the use of TLS?

I'm curious!
Regards,
Sander.
--
| From the FidoNet tagline collection:
| Diplomacy: The patriotic art of lying for one's country.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D