[Help-gnutls] Re: gnutls 1.2.6 and Mozilla Firefox compatibility problem

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Sep 10 18:53:55 CEST 2005

On Saturday 10 September 2005 18:18, Simon Josefsson wrote:

> > The problem seems to be libgcrypt's random generator. As far as I
> > understand when you fork() the random generator is on the same state for
> > every children. That's why the server produces the same session ID in the
> > second process.
> > I am not really sure about it, and I don't know how to overcome this,
> > that's why I crosspost to gcrypt-devel as well.
> One solution is that we switch to the random number handling that is
> implemented when --enable-nettle is given to a GnuTLS build.  Then
> GnuTLS will read (on GNU/Linux) from /dev/urandom for pseudo-random
> data and nonces, and from /dev/random for random data.

The problem with this is that a gnutls server will depleat /dev/random (we 
need to generate a master secret for each session), thus the server will be 
most of the time blocked waiting for input for /dev/random.

> Alternatively, GnuTLS could use an internal PRNG, and we could add an
> API to seed it.
The problem with internal PRNGs is that they are not thread safe (see 
libgcrypt's PRNG). 

> My personal preference is to rely on /dev/*random for randomness.  If
> that isn't sufficient for someone, she can always point GnuTLS to
> another device (or even file socket) and have full control without
> bogging down the gnutls library.
The file sockets seem like a good idea. We could still keep the libgcrypt 
PRNG, but it could run on a separate process (forked at global_init), and the
communication would be via local sockets. I don't know how good it sounds... 
but it looks thread and fork safe.
It also sound like a lot of work.

Nikos Mavrogiannopoulos

More information about the Gnutls-help mailing list