Informational note to others, as this information used to
be hard to obtain:
On Linux (for comparison):
/dev/urandom produces as many random bytes as you want (with
multiple calls if necessary), but if you read more than the
random input available to the kernel, this will be a medium-
grade cryptographic PRNG stretching the available bits.
/dev/urandom produces as many random bytes as you want (with
multiple calls if necessary), but if you read more than the
random input available to the kernel, your call will block
waiting for the kernel to gather more random input.
On SunOS/Solaris:
SunOS version 5.3 (Solaris 2.3) and older have no real
/dev/random. Sun's prepackaged Apache (SUNWSki) includes a
bad user mode emulation which will return just enough bits
for Apache ONCE, then just block forever.
SunOS 5.4 to 5.8 can be configured either with the bad user
mode emulation for their own Apache build (see above), OR
by installing one of the following patches (there are different
official and 3rd party patches):
SunOS/Solaris version   Official Patch   Unofficial Patch (Google it)
5.4/2.4                 None             SUNRand 0.7a
5.5/2.5                 None             SUNRand 0.7a
5.51/2.51               None             SUNRand 0.7a or 0.8
5.6/2.6                 SUNWSki?         SUNRand 0.7a or 0.8
5.7/7                   SUNWSki?         SUNRand 0.7a or 0.8
5.8/8 (x86/x64_86)      112439           SUNRand 0.7a or 0.8
5.8/8 (Sparc)           112438           SUNRand 0.7a or 0.8
SunOS 5.9 (Solaris 9) and later include a real /dev/random
and /dev/urandom in the kernel by default.
On 1/24/2012 12:29 AM, William A Rowe Jr wrote:
/dev/random is your culprit... your config isn't 100% transportable
between Solaris and linux.
-----Original message-----
From: Ruiyuan Jiang <ruiyuan_ji...@liz.com>
To: "openssl-users@openssl.org" <openssl-users@openssl.org>
Sent: Mon, Jan 23, 2012 23:23:51 GMT+00:00
Subject: Can't start Apache when ssl is enabled on RHEL v5.7
Hi,
I have two Apache 2.2.21 reverse proxy servers on Solaris 10
(SPARC) with OpenSSL (v1.0.0x) enabled. They are running fine so
far. Now we want to migrate Apache to Redhat Enterprise server
v5.7 (64 bit). I compiled OpenSSL with 64 bit option specified on
RHEL and then compiled Apache the same way and same option as on
the Solaris through a script that I saved. I copied all the
modified necessary configuration files from Solaris and
certificates from Solaris to Redhat and made necessary changes
such as IP addresses for Apache. When I start Apache on the
Redhat, Apache just sits there without giving back the shell
prompt. The Apache access log and error log are empty so I don't
know the reason. If I disable Apache’s https and start only http,
Apache starts fine. Does anyone know what could be causing the ssl
problem on Redhat? Thanks.
Ryan Jiang
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
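
The following is an added example, not code from any poster in this thread or from the Apache or OpenSSL projects. It audits a configuration for mod_ssl `SSLRandomSeed` directives that read from /dev/random, the device the thread names as the culprit for the hang at startup. The thread does not show the poster's configuration, so the sample config and the names `audit_seed_sources` and `entropy_avail` are constructed for illustration.

```python
import os
import re

# Per the thread: on Linux a read from /dev/random can block until the
# kernel gathers more input, while /dev/urandom keeps returning bytes.
BLOCKING = {"/dev/random"}
ENTROPY_FILE = "/proc/sys/kernel/random/entropy_avail"  # Linux only

# mod_ssl syntax: SSLRandomSeed startup|connect source [bytes]
SEED_RE = re.compile(
    r"^\s*SSLRandomSeed\s+(startup|connect)\s+(\S+)(?:\s+(\d+))?\s*$", re.I)

def audit_seed_sources(config_text):
    """Classify each SSLRandomSeed line as 'may-block' or 'ok'."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):       # whole-line comment
            continue
        m = SEED_RE.match(line)
        if not m:
            continue
        context, source, nbytes = m.group(1).lower(), m.group(2), m.group(3)
        scheme, _, path = source.partition(":")
        risky = scheme.lower() == "file" and os.path.normpath(path) in BLOCKING
        findings.append({"line": lineno, "context": context, "source": source,
                         "bytes": int(nbytes) if nbytes else None,
                         "verdict": "may-block" if risky else "ok"})
    return findings

def entropy_avail():
    """Kernel entropy estimate, or None where the file is unavailable."""
    try:
        with open(ENTROPY_FILE) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

# Constructed sample config, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample config, not taken from the thread
SSLRandomSeed startup file:/dev/random 1024
SSLRandomSeed connect file:/dev/urandom 512
  # SSLRandomSeed startup file:/dev/random
SSLRandomSeed startup builtin
"""

if __name__ == "__main__":
    for finding in audit_seed_sources(SAMPLE_CONF):
        print(finding)
    print("entropy_avail:", entropy_avail())
```

A `may-block` verdict on a `startup` line matches the symptom reported in the thread: httpd not returning to the shell prompt, with empty access and error logs.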