[Pkg-gnutls-maint] Re: not draining entrophy is a good thing
wildfire at progsoc.org
Tue Oct 17 06:13:15 UTC 2006
[ dropping the bug# cc, adding exim4 maintainers directly ]
On 10/17/06, Simon Josefsson <jas at extundo.com> wrote:
> "Anand Kumria" <wildfire at progsoc.org> writes:
> > As noted a by number of other people, a build of exim4 with openssl
> > does not suffer from entrophy exhaustion so quickly. It is isn't clear
> > to me why gnutls (via libgcrypt as I understand it) is depleting the
> > pool so rapidly.
> Hi. It doesn't seem clear to anyone. :-(
> > Users can basically exhaust entrophy on my servers just by sending a
> > large (2MiB) email, which causes them pain because mail (delivery,
> > submission, etc.) is held up until enough activity has occurred to
> > generate further entrophy.
> That would be very strange! If true, it suggests that randomness is
> required not only during handshake (which is to be expected, although
> it is supposed to only use /dev/urandom), but during normal
Yes, that appears to be the case.
> If someone can describe a simple way to reproduce this, I can try to
> debug it, but so far it doesn't seem to happen in simple
> configurations, and nobody has described the details when this
I noticed this across 5 different domains that I admin; it seems very
easy for me to reproduce (Install exim4 - does not matter whether on
actual hardware or in Xen or in UML), create an SSL certificate, watch
What steps have you taken? If you have a exim configuration file
(/var/lib/exim4/config.autogenerated) for a SSL/TLS exim4 setup that
does *not* experience this problem, please post it somewhere; perhaps
there is some subtle difference.
More information about the Pkg-gnutls-maint