curl-library

Re: SSL random initialization

From: Joerg Mueller-Tolk <curl_at_mueller-tolk.de>
Date: Tue, 26 Oct 2004 16:10:46 +0200

Daniel Stenberg wrote:

>> error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
>>
>> I found the OpenSSL docu
>> (http://www.openssl.org/support/faq.html#USER1) saying that the
>> random number generator needs certain initialization (at least 128
>> bit, ...). I browsed the curl sources and found the code in
>> 'ssluse.c', that seems to do the initialization of the random number
>> generator used by OpenSSL.
>>
>> Has anyone an idea why this error is only very rarely reported?
>
> Because most often the seed gets enough randomness!

What else would seed the random number generator, i.e. on a Windows machine?

> Consider providing your own random source (file) with
> CURLOPT_RANDOM_FILE.

As I understand the manual, it takes the content of the file as seed.
I suppose it is enough to set this option at the very first connection
and the file can be removed afterwards?

Many thanks
Jörg M-T
Received on 2004-10-26