[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel

Simon Josefsson jas at extundo.com
Thu Jul 6 16:08:21 CEST 2006


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On Thu 06 Jul 2006 15:37, Simon Josefsson wrote:
>
>> > That bug appears to be active, or maybe it should be called a
>> > "known issue," as that is what the debian people call it. Here is a
>> > link to the description of the issue,
>> >  http://wiki.debian.org/PkgExim4KnownBugsInSarge
>> > My understanding is that GnuTLS does not generate enough entropy to
>> > satisfy exim's requirements. Can this issue be addressed?
>>
>> I'd love to help on this, but IIRC, the earlier reports were so vague
>> that there wasn't much to work on.
>> One problem was generation of DH or RSA parameters, but the proper
>> solution to that is to generate it in an external process in a cron
>> job every day or similar.  Then an exhausted entropy pool shouldn't
>> hang exim.
>
> This was a problem in exim, which generated those parameters during a
> connection. But as far as I know this has been solved in debian. The
> parameters are now generated off-line with certtool.

Then presumably the issue can be solved by back-porting the fix to
Debian sarge.

/Simon
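
The off-line regeneration discussed in this thread, as an added example that is not part of the original message or of the Exim or Debian packaging: a script meant to be run from cron that calls `certtool` outside the mail daemon, checks the result, and installs it with an atomic rename so a failed or stalled run leaves the previous parameters in place. The output path, the bit size, and the `GENERATOR` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: regenerate DH parameters from cron instead of inside an
# SMTP connection. Assumptions (not from the thread): the PARAMS_FILE
# path, the DH_BITS value and the GENERATOR override variable.

PARAMS_FILE="${PARAMS_FILE:-/var/spool/exim4/dh-params.pem}"  # hypothetical path
DH_BITS="${DH_BITS:-2048}"                                    # assumed size
GENERATOR="${GENERATOR:-certtool}"                            # GnuTLS certtool

refresh_dh_params() {
    dest="$1"
    dir=$(dirname "$dest")

    # Create the temp file next to the destination so that the final
    # mv is a rename on the same filesystem, which is atomic.
    tmp=$(mktemp "$dir/.dh-params.XXXXXX") || return 1

    # This call may take a long time if the entropy pool is drained.
    # That is acceptable here: no client connection is waiting on it.
    if ! "$GENERATOR" --generate-dh-params --bits "$DH_BITS" \
            --outfile "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 1
    fi

    # Refuse to install an empty or truncated file; the daemon keeps
    # using the parameters that are already in place.
    if ! grep -q -- '-----BEGIN DH PARAMETERS-----' "$tmp" ||
       ! grep -q -- '-----END DH PARAMETERS-----' "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # DH parameters are public values, so a world-readable file is fine.
    chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

# Run only when asked to, e.g. from a daily cron entry: script.sh --run
if [ "${1:-}" = "--run" ]; then
    refresh_dh_params "$PARAMS_FILE"
fi
```
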




