PRNG errors


on 31.07.2002 19:10:08 by cbenn

Hello everyone.

I just upgraded my OpenSSL yesterday from 9.6c to 9.6e, then recompiled my
mod_ssl-2.8.10-1.3.26 and Apache on OpenBSD 3.0. Everything seemed to go
fine, but now all my https requests are unable to connect. According to all
the docs I've seen, the error message suggests changing the "SSLRandomSeed"
setting in the httpd.conf. However, I've tried various settings and see the new
value for the "Seeding PRNG" line in the log, but the handshake still
fails with the same error message. Can anyone suggest anything else that
may be the issue?

Thanks,
benn

####From httpd.conf####
# Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

####From ssl_engine_log####
[31/Jul/2002 09:49:00 30490] [info] Connection to child 3 established
(server www.host.com:443, client 127.0.0.1)
[31/Jul/2002 09:49:00 30490] [info] Seeding PRNG with 1160 bytes of
entropy
[31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server
www.host.com:443, client 127.0.0.1) (OpenSSL library error follows)
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:1409B005:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:bad asn1 object header
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: PRNG errors

on 01.08.2002 09:58:20 by b.courtin

Hi,

The combination of software you use works fine for me on Solaris 8.

However, when using these versions, I faced the following problem:

-> Apache won't start up with the option "SSLRandomSeed startup builtin" enabled. I then installed the package "ANDIrand-0.7-5.8-sparc-1.pkg" from "http://www.cosy.sbg.ac.at/~andi/", which provides /dev/random and /dev/urandom.

Using this (SSLRandomSeed startup file:/dev/urandom 1024), my Apache starts up fine.

So:
- Does OpenBSD have a /dev/urandom? -> Try using it.
- If not, maybe the package I stated above is available for OpenBSD as well.


Kind regards,
B. Courtin


BTW: For all those using mm: Please note that there is a security bug in mm < version 1.2.1 as well, which was announced on Jul 30 2002. Have a look here:

Advisory: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html (CERT ID "2002-453dcert").

You can get the latest version of mm here: http://www.ossp.org/pkg/lib/mm/
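
The check suggested in the reply above, written out as an added example that is not part of the original posts: it tests whether a device really is a readable character device that returns the requested number of bytes before printing the SSLRandomSeed lines for it. The function names are hypothetical, and the "connect" line is an assumption that extends the reply, which only showed the "startup" form.

```shell
#!/bin/sh
# Added example: verify a seed device before pointing SSLRandomSeed at it.

# seed_source_ok PATH NBYTES
# Succeeds only if PATH is a readable character device that returns
# exactly NBYTES bytes in one read. A regular file or /dev/null fails.
seed_source_ok() {
    path=$1
    nbytes=$2
    [ -c "$path" ] || return 1     # must be a character device
    [ -r "$path" ] || return 1     # must be readable by this user
    got=$(dd if="$path" bs="$nbytes" count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq "$nbytes" ]
}

# seed_directive CONTEXT PATH NBYTES
# Prints one httpd.conf line in the form used in the reply above.
seed_directive() {
    printf 'SSLRandomSeed %s file:%s %s\n' "$1" "$2" "$3"
}

# suggest_seed_config NBYTES DEVICE...
# Prints startup and connect directives for the first usable device;
# returns 1 if none of the candidates passes the check.
suggest_seed_config() {
    nbytes=$1
    shift
    for dev in "$@"; do
        if seed_source_ok "$dev" "$nbytes"; then
            seed_directive startup "$dev" "$nbytes"
            seed_directive connect "$dev" "$nbytes"
            return 0
        fi
    done
    echo "no usable seed device among: $*" >&2
    return 1
}

# /dev/urandom and 1024 are the values from the reply. A blocking
# /dev/random is left out here because reading it can stall.
suggest_seed_config 1024 /dev/urandom
```
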




