Re: [exim] TLS error on connection

Pàgina inicial
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
A: exim-users
Assumpte: Re: [exim] TLS error on connection
On Thu, Aug 27, 2015 at 05:15:22PM +0200, Heiko Schlittermann wrote:

> > I did find a suggestion that deleteing /dev/random and creating a symlink
> > to /dev/urandom is a solution. Would this work?


It might, though it would be better (if supported/possible) to
configure Exim to use /dev/random rather than /dev/urandom if
/dev/random is the default.

It may also help to pre-configure DH parameters, if Exim otherwise
generates these on the fly.

> > Apparently 2.6 kernels produce less entropy than 2.4 and as this server does
> > nothing else except email handling it is possible that this could be the case
>
> You can use haveged, this helps you creating entropy.
> Or rngtools.


That does not seem like the right solution. Perhaps someone more
familiar with Exim internals can comment on tuning entropy sources
for Exim (my expertise is with TLS generally and OpenSSL/Postfix
specifically).

-- 
    Viktor.