From: Erik Abele Date: Sun, 4 Jan 2004 15:04:54 +0000 (+0000) Subject: Move SSLRandomSeed out of the container to support X-Git-Tag: pre_ajp_proxy~870 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=657d8aa4b4384baea15f59f7a627eb7d2adecbd7;p=apache Move SSLRandomSeed out of the container to support starting without SSL on platforms with no /dev/random equivalent but a statically compiled-in mod_ssl. See PR: 25867 Submitted by: Rob Meyer git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102179 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/conf/ssl-std.conf.in b/docs/conf/ssl-std.conf.in index 6bd410bea5..4812e54197 100644 --- a/docs/conf/ssl-std.conf.in +++ b/docs/conf/ssl-std.conf.in @@ -8,6 +8,30 @@ # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +# Note: This must come before the container to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +# +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + # @@ -52,23 +76,6 @@ SSLSessionCacheTimeout 300 # SSL engine uses internally for inter-process synchronization. SSLMutex file:@exp_runtimedir@/ssl_mutex -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - ## ## SSL Virtual Host Context ##