From d9a770e6ea41e5540b85ce6f10ab78a7d5799f5b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Tue, 10 Apr 2001 07:59:43 +0000 Subject: [PATCH] Mention automatically queried EGD sockets (OpenSSL 0.9.7). 0.9.5 is obsolete, so we don't have to discuss its 'openssl rsa' seeding bug. --- FAQ | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/FAQ b/FAQ index 259ea4bc41..e9cc698100 100644 --- a/FAQ +++ b/FAQ @@ -169,8 +169,11 @@ application you are using. It is likely that it never worked correctly. OpenSSL 0.9.5 and later make the error visible by refusing to perform potentially insecure encryption. -On systems without /dev/urandom, it is a good idea to use the Entropy -Gathering Demon; see the RAND_egd() manpage for details. +On systems without /dev/urandom and /dev/random, it is a good idea to +use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for +details. Starting with version 0.9.7, OpenSSL will automatically look +for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and +/etc/entropy. Most components of the openssl command line tool try to use the file $HOME/.rnd (or $RANDFILE, if this environment variable is set) @@ -183,11 +186,6 @@ OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. -[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version -0.9.5 does not do this and will fail on systems without /dev/urandom -when trying to password-encrypt an RSA key! This is a bug in the -library; try a later version instead.] - For Solaris 2.6, Tim Nibbe and others have suggested installing the SUNski package from Sun patch 105710-01 (Sparc) which adds a /dev/random device and make sure it gets used, usually through -- 2.34.1
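Review bot: In the first hunk (@@ -169,8 +169,11 @@), "On systems without /dev/urandom and /dev/random" is ambiguous: it can be read as applying only when both devices are missing, or when either one is. If the intent is "neither device exists", "without /dev/urandom or /dev/random" or "that have neither /dev/urandom nor /dev/random" says so directly. The new sentence also lists four socket paths that 0.9.7 probes, but does not say what users of earlier versions should do. A short clause noting that they still need to follow the RAND_egd() manpage would keep the paragraph self-contained. While this line is being rewritten, "Entropy Gathering Demon" could be corrected to "Entropy Gathering Daemon", which is what EGD stands for.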
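Review bot: In the second hunk (@@ -183,11 +186,6 @@), the context line just above the removed note still reads "please check out the documentation coming the with application", with "the" and "with" transposed. Since this paragraph is being touched anyway, fix it to "coming with the application" and split the comma splice before "please" into its own sentence. Dropping the 0.9.5 "openssl rsa" note is consistent with the commit message. The unchanged sentence in the first hunk, "OpenSSL 0.9.5 and later make the error visible", still mentions 0.9.5 as the point where the behaviour changed, which is fine as history and needs no change.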