
RE: PRNG not seeded



OpenSSL seems to indicate that this is the application's responsibility
http://www.openssl.org/support/faq.html#6.

It also suggests that systems without /dev/urandom
use the Entropy Gathering Daemon.

Is this what OpenLDAP recommends? If development work is
needed, where should I look?

TIA

-Ted C. Cheng

-----Original Message-----
From: Howard Chu [mailto:hyc@highlandsun.com]
Sent: Monday, June 26, 2000 2:33 PM
To: Cheng, Ted C; openldap-devel@OpenLDAP.org
Subject: RE: PRNG not seeded


That's an openssl error code, not an LDAP error. You are probably using
OpenSSL 0.95 or newer and haven't configured your PRNG. You should re-read
the openssl docs or go look through the openssl-users mailing list archive.
Look on www.openssl.org.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Cheng, Ted C
> Sent: Monday, June 26, 2000 1:10 PM
> To: openldap-devel@OpenLDAP.org
> Subject: PRNG not seeded
>
>
>
> I am using ldapsearch with the '-Z' option, but
> got the following messages. Do I need to configure
> client/server to properly seed the random number
> generator?
>
> I would appreciate any assistance in resolving this
> matter.
>
>
> ldapsearch:
>
> TLS trace: SSL_connect:before/connect initialization
> TLS trace: SSL_connect:SSLv2/v3 write client hello A
> TLS trace: SSL_connect:SSLv3 read server hello A
> TLS trace: SSL_connect:SSLv3 read server certificate A
> TLS trace: SSL_connect:SSLv3 read server certificate request A
> TLS trace: SSL_connect:SSLv3 read server done A
> TLS trace: SSL_connect:SSLv3 write client certificate A
> TLS trace: SSL_connect:error in SSLv3 write client key exchange A
> TLS trace: SSL_connect:error in SSLv3 write client key exchange A
> TLS: can't connect.
> ldap_bind_s
> ...
> ber_get_next failed.
> ldap_perror
> ldap_bind: Can't contact LDAP server
>         additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
>
>
> slapd:
>
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write certificate request A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:SSLv3 read client certificate A
> TLS trace: SSL3 alert write:fatal:unknown
> TLS trace: SSL_accept:error in SSLv3 read client key exchange A
> TLS trace: SSL_accept:error in SSLv3 read client key exchange A
> TLS: can't accept.
> TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> .\ssl\s3_pkt.c:279
>
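
The two error codes in the traces above can be decoded to confirm which OpenSSL library raised each one. This is an added example, not part of the original messages: it assumes the pre-3.0 OpenSSL error-code layout (8-bit library, 12-bit function, 12-bit reason), carries only the two library numbers seen here, and its function names are illustrative.

```python
import re

# Library numbers from OpenSSL's err.h; only the two seen in this thread.
ERR_LIB_NAMES = {20: "SSL routines", 36: "random number generator"}
ERR_LIB_RAND = 36

# Matches "error:<8 hex digits>:<library>:<function>:<reason>".
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:\n]+):([^:\n]+):([^:\n]+)")

# Error strings from the thread, with the mail client's line wrapping undone.
SAMPLE = r"""
ldap_bind: Can't contact LDAP server
        additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
.\ssl\s3_pkt.c:279
"""

def unpack(code):
    """Split a packed code into (library, function, reason) numbers."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Decode every OpenSSL error string found in log_text."""
    findings = []
    for m in ERR_RE.finditer(log_text):
        lib, func, reason = unpack(int(m.group(1), 16))
        findings.append({
            "code": m.group(1),
            "lib": lib, "func": func, "reason": reason,
            "text": m.group(4).strip(),
            # The hex library field should agree with the printed library name.
            "consistent": ERR_LIB_NAMES.get(lib) == m.group(2).strip(),
            # Library 36 is RAND: an entropy/seeding fault, not a protocol fault.
            "entropy_problem": lib == ERR_LIB_RAND,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        kind = "seed the PRNG first" if f["entropy_problem"] else "check after the PRNG is seeded"
        print(f"{f['code']} lib={f['lib']} func={f['func']} reason={f['reason']}: {f['text']} -> {kind}")
```

The client-side code decodes to the RAND library, which is why the fix lies in seeding rather than in LDAP or TLS settings.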