Bug#467136: Bug#348046: latest kernel + debian sarge = TLS problems

Marc Haber mh+debian-packages at zugschlus.de
Sat Feb 23 10:18:05 UTC 2008


On Wed, Oct 03, 2007 at 11:43:14AM -0400, Jon Fine wrote:
> Just wanted to chime in on what happened with our debian mail server.  
> Using courier-imap-ssl, exim4, etc originally with a 2.4.25 kernel.  
> Installed a hand compiled 2.6.22 kernel, rebooted, and ran into various  
> problems, specifically with sending email using TLS.  After much  
> hair-pulling and very little to go on via the logs (no errors logged),
> someone pointed me to this thread and the discussion of low entropy.  
> Doing a cat of /proc/sys/kernel/random/entropy_avail was giving me at  
> max a number in the high 50's.  After rolling back to our 2.4 kernel, we  
> are back at 4096.

Kernel 2.6 does not use the network interrupt any more to generate
entropy. A number of other entropy sources have been disabled as well.
So, on kernel 2.6, we have much less entropy to use - kernel
developers say it's better to not have entropy at all than having bad
or probably compromised entropy.

We are working with the GnuTLS people to have exim use less entropy
during its operation.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
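
The `entropy_avail` check quoted above, run over several samples instead of a single `cat`. This is an added example, not part of the original message. The `entropy_summary` name, the `ENTROPY_FILE` override and the threshold of 200 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): sample the kernel's entropy
# estimate several times and report how often it falls below a threshold.
# ENTROPY_FILE can be pointed at a constructed file to exercise the logic.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# entropy_summary SAMPLES INTERVAL_SECONDS THRESHOLD
# Prints: min=<n> max=<n> low=<k>/<samples>
# Returns 0 if every sample was >= THRESHOLD, 1 if any was below,
# 2 if the file could not be read or did not contain a number.
entropy_summary() {
    es_samples=$1 es_interval=$2 es_threshold=$3
    es_min='' es_max='' es_low=0 es_i=0
    while [ "$es_i" -lt "$es_samples" ]; do
        es_cur=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 2
        case $es_cur in
            ''|*[!0-9]*) return 2 ;;
        esac
        if [ -z "$es_min" ] || [ "$es_cur" -lt "$es_min" ]; then es_min=$es_cur; fi
        if [ -z "$es_max" ] || [ "$es_cur" -gt "$es_max" ]; then es_max=$es_cur; fi
        if [ "$es_cur" -lt "$es_threshold" ]; then es_low=$((es_low + 1)); fi
        es_i=$((es_i + 1))
        # Pause between samples, but not after the last one.
        if [ "$es_i" -lt "$es_samples" ]; then sleep "$es_interval"; fi
    done
    echo "min=$es_min max=$es_max low=$es_low/$es_samples"
    [ "$es_low" -eq 0 ]
}

# Typical use on the affected host (200 is an assumed alert threshold):
#   entropy_summary 10 1 200 || echo "entropy pool is running low"
```

Sampling while the mail server is handling TLS connections shows whether the pool is being drained under load rather than just at one idle moment.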
