You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "J. W. Ballantine" <jw...@homer.att.com> on 2003/06/19 13:55:42 UTC

[users@httpd] Apache/2.1.0-dev, mod_ssl and insufficient entry

I'm trying to start Apache/2.1.0-dev with mod_ssl enabled and all
I keep getting is the dreaded:

[Wed Jun 18 15:31:59 2003] [warn] Init: PRNG still contains insufficient 
entropy!
[Wed Jun 18 15:31:59 2003] [error] Init: Failed to generate temporary 512 bit 
RSA private key
Configuration Failed

I understand that this is controlled by SSLRandomSeed in the httpd.conf file,
and I've tried the following pairs to generate enough entropy:

SSLRandomSeed startup exec:`/usr/local/add-on/egd/bin/egc.pl 
/etc/local/openssh/egd-pool`
SSLRandomSeed connect exec:`/usr/local/add-on/egd/bin/egc.pl 
/etc/local/openssh/egd-pool`

SSLRandomSeed startup egd:/etc/local/openssh/egd-pool
SSLRandomSeed connect egd:/etc/local/openssh/egd-pool

SSLRandomSeed startup file:/etc/local/openssh/httpd_ssl.seed
SSLRandomSeed connect file:/etc/local/openssh/httpd_ssl.seed


SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

where /etc/local/openssh/httpd_ssl.seed was created by:
 /usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool read 255
and /etc/local/openssh/egd-pool is the socket from egd.pl ( which works
fine with pnrgd for opensshd ).

Any thoughts/pointers will be greatly appreciated.

The cvs date is 20030612 and other info on httpd are:

Server version: Apache/2.1.0-dev
Server built:   Jun 12 2003 12:14:31
Server version: Apache/2.1.0-dev
Server built:   Jun 12 2003 12:14:31
Server's Module Magic Number: 20030213:1
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/local/APACHE/Apache2"
 -D SUEXEC_BIN="/local/APACHE/Apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Apache/2.1.0-dev, mod_ssl and insufficient entry

Posted by Sander Holthaus - Orange XL <in...@orangexl.com>.

This question is probably more appropiate on the development-list. As far as
I know there are some issues with SSL and Apache /2.1.0.

Kind Regards,
Sander Holthaus

-----Original Message-----
From: J. W. Ballantine [mailto:jwb@homer.att.com] 
Sent: donderdag 19 juni 2003 13:56
To: users@httpd.apache.org
Subject: [users@httpd] Apache/2.1.0-dev, mod_ssl and insufficient entry


I'm trying to start Apache/2.1.0-dev with mod_ssl enabled and all I keep
getting is the dreaded:

[Wed Jun 18 15:31:59 2003] [warn] Init: PRNG still contains insufficient 
entropy!
[Wed Jun 18 15:31:59 2003] [error] Init: Failed to generate temporary 512
bit 
RSA private key
Configuration Failed

I understand that this is controlled by SSLRandomSeed in the httpd.conf
file, and I've tried the following pairs to generate enough entropy:

SSLRandomSeed startup exec:`/usr/local/add-on/egd/bin/egc.pl 
/etc/local/openssh/egd-pool`
SSLRandomSeed connect exec:`/usr/local/add-on/egd/bin/egc.pl 
/etc/local/openssh/egd-pool`

SSLRandomSeed startup egd:/etc/local/openssh/egd-pool SSLRandomSeed connect
egd:/etc/local/openssh/egd-pool

SSLRandomSeed startup file:/etc/local/openssh/httpd_ssl.seed
SSLRandomSeed connect file:/etc/local/openssh/httpd_ssl.seed


SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

where /etc/local/openssh/httpd_ssl.seed was created by:
/usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool read 255 and
/etc/local/openssh/egd-pool is the socket from egd.pl ( which works fine
with pnrgd for opensshd ).

Any thoughts/pointers will be greatly appreciated.

The cvs date is 20030612 and other info on httpd are:

Server version: Apache/2.1.0-dev
Server built:   Jun 12 2003 12:14:31
Server version: Apache/2.1.0-dev
Server built:   Jun 12 2003 12:14:31
Server's Module Magic Number: 20030213:1
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/local/APACHE/Apache2"
 -D SUEXEC_BIN="/local/APACHE/Apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org