[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel
nmav at gnutls.org
Thu Jul 6 15:56:05 CEST 2006
On Thu 06 Jul 2006 15:37, Simon Josefsson wrote:
> > That bug appears to be active, or maybe it should be called a
> > "known issue," as that is what the debian people call it. Here is a
> > link to the description of the issue,
> > http://wiki.debian.org/PkgExim4KnownBugsInSarge
> > My understanding is that GnuTLS does not generate enough entropy to
> > satisfy exim's requirements. Can this issue be addressed?
> I'd love to help on this, but IIRC, the earlier reports were so vague
> that there wasn't much to work on.
> One problem was generation of DH or RSA parameters, but the proper
> solution to that is to generate it in an external process in a cron
> job every day or similar. Then an exhausted entropy pool shouldn't
> hang exim.
This was a problem in exim, which generated those parameters during a
connection. But as far as I know this has been solved in debian. The
parameters are now generated off-line with certtool.
More information about the Gnutls-help