LuKreme wrote:
On 21-Jul-2009, at 16:43, Quanah Gibson-Mount wrote:
On Wednesday, July 22, 2009 12:16 AM +0200 Patrick Ben Koetter <p...@state-of-mind.de> wrote:
These days OpenSSL is able to determine which random source it wants to
use. This might explain why it is empty in a Postfix install on Mac OS X,
since it isn't required anymore.

This is definitely used by the Postfix tlsmgr process

How'd you determine that?

Yes, it is used and required by Postfix. The documentation says it's used, and if you explicitly unset it you'll get a non-fatal warning, something like "warning: no entropy source specified with parameter tls_random_source" "warning: encryption keys etc. may be predictable".


and it is specifically set on all Linux builds I do to be dev:/dev/urandom.

And who set it?  There is no such setting on my FreeBSD systems.


Yes, it is set as a default on FreeBSD (and Linux) when you add TLS support.

# postconf tls_random_source
tls_random_source = dev:/dev/urandom
# uname
FreeBSD

  -- Noel Jones
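
A way to audit the setting discussed in this thread, as an added example that is not part of the original messages. The function names are hypothetical; the accepted value forms (`dev:`, `egd:`, or an unprefixed regular file) follow the postconf(5) description of `tls_random_source`, and the sample line is constructed.

```shell
#!/bin/sh
# Added example: audit a "tls_random_source = ..." line as printed by postconf.
# Function names are hypothetical; nothing here is Postfix's own code.

# Extract the value from a "name = value" line and trim whitespace.
parse_postconf_line() {
    case "$1" in
        *=*) val=${1#*=} ;;
        *)   val= ;;
    esac
    val=$(printf '%s' "$val" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    printf '%s\n' "$val"
}

# Classify the value: ok, unset, missing, or badtype.
check_tls_random_source() {
    value=$1
    case "$value" in
        "")
            # Empty value: the case where tlsmgr logs the entropy warning.
            echo "unset"; return 1 ;;
        dev:*)
            path=${value#dev:}
            # Must be a readable character device such as /dev/urandom.
            if [ -c "$path" ] && [ -r "$path" ]; then echo "ok"; return 0; fi
            echo "missing"; return 1 ;;
        egd:*)
            path=${value#egd:}
            # EGD-compatible sources are reached through a socket.
            if [ -S "$path" ]; then echo "ok"; return 0; fi
            echo "missing"; return 1 ;;
        *)
            # Without a type prefix, only a regular file is acceptable.
            if [ -f "$value" ] && [ -r "$value" ]; then echo "ok"; return 0; fi
            echo "badtype"; return 1 ;;
    esac
}

audit_line() {
    check_tls_random_source "$(parse_postconf_line "$1")"
}

# Constructed sample line, matching the postconf output quoted above.
audit_line "tls_random_source = dev:/dev/urandom" || true
```

On a live system, pass the real setting with `audit_line "$(postconf tls_random_source)"`.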
