You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Mark Grosberg <ma...@nolab.conman.org> on 2003/11/12 23:12:12 UTC
Thoughs on issue #1563: TTimo's stalling checkout.
After a quick discussion on #svn I think I may have a clue as to what is
causing issue #1563. It may be because TTimo does large checkouts over SSL
that the connection gets re-negotiated.
If ephemeral keying is being used by SSL then it may need to draw more
entropy as the connection proceeds. Fitz pointed out that OpenSSL uses
/dev/random by default, not /dev/urandom.
Hmmm.... Sound familiar? It could be the same thing as our repository
creation hangs?
Thoughs?
L8r,
Mark G.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Thoughs on issue #1563: TTimo's stalling checkout.
Posted by "B. W. Fitzpatrick" <fi...@red-bean.com>.
Brian Denny <br...@briandenny.net> writes:
>
> > > If ephemeral keying is being used by SSL then it may need to draw more
> > > entropy as the connection proceeds. Fitz pointed out that OpenSSL uses
> > > /dev/random by default, not /dev/urandom.
> > >
>
> The OpenSSL FAQ says otherwise:
>
> All OpenSSL versions try to use /dev/urandom by default; starting with
> version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
> available.
Actually, I said that *APR* uses /dev/random by default.
-Fitz
--
Brian W. Fitzpatrick <fi...@red-bean.com> http://www.red-bean.com/fitz/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Thoughs on issue #1563: TTimo's stalling checkout.
Posted by Brian Denny <br...@briandenny.net>.
> > If ephemeral keying is being used by SSL then it may need to draw more
> > entropy as the connection proceeds. Fitz pointed out that OpenSSL uses
> > /dev/random by default, not /dev/urandom.
> >
The OpenSSL FAQ says otherwise:
All OpenSSL versions try to use /dev/urandom by default; starting with
version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
available.
-brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Thoughs on issue #1563: TTimo's stalling checkout.
Posted by Timothee Besset <tt...@idsoftware.com>.
I'm not familiar with SSL internals, but this is a very interesting and
new idea. I am currently waiting for 0.33 release to get the new backups
functionality and upgrade to 2.0.48 as well. You suggested using
/dev/urandom instead of /dev/random. Do you know how to select either
entropy device?
TTimo
On Wed, 12 Nov 2003 18:12:12 -0500 (EST)
Mark Grosberg <ma...@nolab.conman.org> wrote:
>
> After a quick discussion on #svn I think I may have a clue as to what is
> causing issue #1563. It may be because TTimo does large checkouts over SSL
> that the connection gets re-negotiated.
>
> If ephemeral keying is being used by SSL then it may need to draw more
> entropy as the connection proceeds. Fitz pointed out that OpenSSL uses
> /dev/random by default, not /dev/urandom.
>
> Hmmm.... Sound familiar? It could be the same thing as our repository
> creation hangs?
>
> Thoughs?
>
> L8r,
> Mark G.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org