Author: Jerome Louvel
Date:
To: exim-users
Subject: Re: [exim] Weird client TLS problem
Thanks for the help Heiko.
> Yep. You need more entropy.
>
> To confirm this theory you may test moving /dev/random to some safe
> place and create a symlink /dev/random, pointing to /dev/urandom.
>
> Then restart exim.
I just did the test with no success. What is weird is that my machine always
succeeds and the other client machine always fails even though we have the
same IP and environment (not same hardware)...
How would the server behavior change depending on the client hardware if all
that it sees is a TCP/IP socket coming from the exact same IP address?
> If it really helps, you should test if your board has some HW random
> generator and you just forgot to load the driver. Or you may employ
> hwrng-tools, they provide a daemon which reads an entropy source and
> feeds the kernel - thus you have more entropy on /dev/random.
> As hack(?) we let hwrngd read the entropy from /dev/urandom ...
I'm not sure I want to go that far yet as I'm still not sure about the
actual cause. Is a '0' entropy an issue in all cases, or is it just an issue
for Exim/TLS?
> mainlog. But I remember, we had hard times to discover somewhere the
> 'not enought entropy' message, I think, it came from some other service,
> exim just waited for entropy (so I'm not 100% sure for your case, since
> for us exim just waited.... but could be that this behaviour changed.)
I checked mainlog again and nothing related to the failing connection
appears.
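
The checks discussed in this thread (available kernel entropy, whether a hardware RNG driver is loaded, and whether /dev/random is currently a symlink), gathered into one shell sketch; this is an added example, not part of the original messages. The `ROOT` argument and the 200-bit `MIN_BITS` threshold are assumptions for illustration; the /proc and /sys paths are the standard Linux ones.

```shell
#!/bin/sh
# Added diagnostic sketch; not from the thread. ROOT lets the checks run
# against a copied or constructed tree; empty means the live system.

# Print the first line of a file, or "unknown" if it cannot be read.
read_or_unknown() {
    if [ -r "$1" ]; then
        head -n 1 "$1"
    else
        echo unknown
    fi
}

# entropy_report [ROOT] [MIN_BITS]
# MIN_BITS is an assumed threshold for flagging a low pool, not a kernel constant.
entropy_report() {
    root=${1:-}
    min_bits=${2:-200}
    avail=$(read_or_unknown "$root/proc/sys/kernel/random/entropy_avail")
    rng_avail=$(read_or_unknown "$root/sys/class/misc/hw_random/rng_available")
    rng_cur=$(read_or_unknown "$root/sys/class/misc/hw_random/rng_current")

    echo "entropy_avail=$avail"
    case $avail in
        ''|*[!0-9]*) echo "pool=unknown" ;;
        *) if [ "$avail" -lt "$min_bits" ]; then echo "pool=low"; else echo "pool=ok"; fi ;;
    esac

    # An empty or missing rng_available means no hardware RNG driver is loaded.
    case $rng_avail in
        ''|unknown) echo "hwrng=none" ;;
        *) echo "hwrng=$rng_cur" ;;
    esac

    # Record whether the /dev/random -> /dev/urandom test is still in place.
    if [ -L "$root/dev/random" ]; then
        echo "dev_random=symlink:$(readlink "$root/dev/random")"
    else
        echo "dev_random=not_symlinked"
    fi
}

# Report on the live system when run directly.
entropy_report
```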