Name
SSLRandomSeed
Synopsis
SSLRandomSeed context source [bytes]
Apache v2 only
This configures one or more sources for seeding the PRNG in OpenSSL at startup time (context is 'startup') and/or just before a new SSL connection is established (context is 'connect'). This directive can only be used in the global server context because the PRNG is a global facility.
Specifying the builtin value for source indicates the built-in seeding source. The source used for seeding the PRNG consists of the current time, the current process id, and (when applicable) a randomly chosen 1KB extract of the interprocess scoreboard structure of Apache. However, this is not a strong source, and at startup time (where the scoreboard is not available) it produces only a few bytes of entropy. So if you are seeding at startup, you should use an additional seeding source of the form:
file:/path/to/source
This variant uses an external file /path/to/source as the source for seeding the PRNG. When bytes is specified, only the first bytes number of bytes of the file form the entropy (and bytes is given to /path/to/source as the first argument). When bytes is not specified, the whole file forms the entropy (and 0 is given to /path/to/source as the first argument). Use this especially at startup time, for instance with /dev/random and/or /dev/urandom devices (which usually exist on modern Unix derivatives like FreeBSD and Linux).
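A check for the weak startup setting described above, as an added example that is not from the book or from Apache: it parses SSLRandomSeed lines and flags a startup context seeded only from builtin, and a /dev file source given without a byte count. The sample configurations and the 512-byte count are constructed for illustration.

```python
import re

# Constructed sample configurations for this example (not taken from a real server).
WEAK_CONF = """\
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
"""
HARDENED_CONF = """\
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
"""

# SSLRandomSeed context source [bytes]
DIRECTIVE = re.compile(r"^\s*SSLRandomSeed\s+(\S+)\s+(\S+)(?:\s+(\d+))?\s*$", re.I)


def parse_seed_sources(conf_text):
    """Map each context ('startup', 'connect') to its list of (source, bytes)."""
    sources = {}
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)
        if match:  # comment lines and other directives do not match
            context, source, nbytes = match.groups()
            entry = (source, int(nbytes) if nbytes else None)
            sources.setdefault(context.lower(), []).append(entry)
    return sources


def audit(conf_text):
    """Return findings for weak or risky SSLRandomSeed settings."""
    findings = []
    sources = parse_seed_sources(conf_text)
    startup = sources.get("startup", [])
    # builtin yields only a few bytes of entropy at startup, so it should
    # not be the sole startup source.
    if startup and all(src.lower() == "builtin" for src, _ in startup):
        findings.append("startup: seeded only from builtin; add a file: source")
    for context, entries in sources.items():
        for src, nbytes in entries:
            # Without a byte count the whole file is used, and a device
            # node such as /dev/urandom has no end of file.
            if src.startswith("file:/dev/") and nbytes is None:
                findings.append(f"{context}: {src} has no byte count")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```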
Note
Although /dev/random provides better quality data, it may not have the number of ...