Article delegate-en/944 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] ssl bug
23 Dec 2000 15:20:24 GMT Hue Le <pwabqbdyi-puniz7a4ro5r.ml@ml.delegate.org>
Cisco Systems, Inc.


I got this message:
12/23 07:19:16.75 [16978] 2+1: -- Fork(FSV): 16977 -> 16978
12/23 07:19:16.75 [16978] 2+1: #### execFilter[FSV]
[/home/huele/FAILOVER/delegate6.1.21/lib/sslway]sslway
12/23 07:19:16.78 [16977] 2+1: HTTP => (cco-tools-dev.cisco.com:443) GET
/aitest/ HTTP/1.0^M
12/23 07:19:16.78 [16977] 2+1: #HT11 FORCE HTTP/1.1 or
Connection:keep-alive
## SSLway[16978](huele-dsl4) connect failed
16978:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:474:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html
16978:error:05067003:Diffie-Hellman routines:DH_generate_key:BN
lib:dh_key.c:148:
16978:error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:bad asn1
object header:s3_clnt.c:1415:
12/23 07:19:16.90 [16977] 2+1: HTTP realy_response: EOF at start
12/23 07:19:16.90 [16977] 2+1: #HT11 EOF from the server
12/23 07:19:16.90 [16977] 2+1: #HT11 close svsokcs[19,20]
12/23 07:19:16.91 [16977] 2+1/1: HCKA:[1] closed -- ?

And check http://www.openssl.org/support/faq.html . Any idea?

1. Why do I get a "PRNG not seeded" error message?

              Cryptographic software needs a source of unpredictable
data to work correctly. Many open source operating systems provide a
"randomness
              device" that serves this purpose. On other systems,
applications have to call the RAND_add() or RAND_seed() function with
appropriate data
              before generating keys or performing public key
encryption.

              Some broken applications do not do this. As of version
0.9.5, the OpenSSL functions that need randomness report an error if the
random
              number generator has not been seeded with at least 128
bits of randomness. If this error occurs, please contact the author of
the application
              you are using. It is likely that it never worked
correctly. OpenSSL 0.9.5 and later make the error visible by refusing to
perform potentially
              insecure encryption.

              On systems without /dev/urandom, it is a good idea to use
the Entropy Gathering Demon; see the RAND_egd() manpage for details.

              Most components of the openssl command line tool try to
use the file $HOME/.rnd (or $RANDFILE, if this environment variable is
set) for
              seeding the PRNG. If this file does not exist or is too
short, the "PRNG not seeded" error message may occur.

              [Note to OpenSSL 0.9.5 users: The command "openssl rsa" in
version 0.9.5 does not do this and will fail on systems without
/dev/urandom
              when trying to password-encrypt an RSA key! This is a bug
in the library; try a later version instead.]

              For Solaris 2.6, Tim Nibbe <tnibbe@sprint..> and others
have suggested installing the SUNski package from Sun patch 105710-01
(Sparc)
              which adds a /dev/random device and make sure it gets
used, usually through $RANDFILE. There are probably similar patches for
the other
              Solaris versions. However, be warned that /dev/random is
usually a blocking device, which may have some effects on OpenSSL.



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V