cURL / Mailing Lists / curl-library / Single Mail


weak randomness with some TLS backends

From: Daniel Stenberg <>
Date: Tue, 3 Jun 2014 18:24:07 +0200 (CEST)


I just noticed that we only provide a strong random function for four of our
ten TLS backends:

$ grep "define have_curlssl_random" vtls/*.h
vtls/curl_darwinssl.h:#define have_curlssl_random 1
vtls/gtls.h:#define have_curlssl_random 1
vtls/nssg.h:#define have_curlssl_random 1
vtls/openssl.h:#define have_curlssl_random 1

In other words, only libcurl built to use one of DarwinSSL, GnuTLS, NSS or
OpenSSL get really strong random for SASL/Digest/forms etc that want good

I think this is mostly an oversight with the other backends and I'm leaning
towards making this cause a build failure until we fix it for all backends to
make it really notable.

Please check out if you can help us make your favorite backend do the right

List admin:
Received on 2014-06-03