Bug#285371: exim4-daemon-heavy: gnutls-params not being re-created and hangs STARTTLS connections

Andreas Metzler <ametzler@downhill.at.eu.org>, 285371@bugs.debian.org
Sun, 12 Dec 2004 23:34:31 +0100


On 2004-12-12 "Yazz D. Atlas" <yazz@230volts.net> wrote:
> Package: exim4-daemon-heavy
> Version: 4.34-9
> Severity: important

> Recently I upgraded and now for some reason one of my machines has stopped
> creating the /var/spool/exim4/gnutls-params file after the
> /etc/cron.daily/exim4-base removes it.

> The file never is regenerated. So when a client connects expecting TLS
> the client hangs waiting for exim4 to send it the TLS go ahead.
[...]
> My only solution right now is to comment out the line in the cron.daily
> script that removes the file in the first place but that isn't really a
> long time fix.

Hello,
Afaict this might happen if there is not enough random data available in
/dev/random. If you run exim[1] with debugging you'll probably see it
getting stuck on
| generating %d bit RSA key...
doing gnutls_rsa_params_generate2() or gnutls_dh_params_generate2()

I do not know what (or if there is) a fix for that, exim does not need a lot
of random data and according to gnutls' documentation doing this once
a day is sensible.
             cu andreas

[1] Stop regular daemon and run  "exim4 -bd -d". Stop with <Ctrl>-C
and don't forget to start the regular daemon again.
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
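
A quick way to test the low-entropy explanation given in the reply above, as an added example that is not part of the original message or of the exim4 packaging. The function name, the verdict words and the 200-bit threshold are assumptions; the params path is the one from the report, and /proc/sys/kernel/random/entropy_avail is the Linux kernel's estimate of the /dev/random pool in bits.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper, not exim4 code).
# Usage: check_gnutls_params [params-file] [entropy-file] [min-bits]
check_gnutls_params() {
    params=${1:-/var/spool/exim4/gnutls-params}   # path from the bug report
    entropy_file=${2:-/proc/sys/kernel/random/entropy_avail}
    min_bits=${3:-200}                            # assumed threshold

    # Read the kernel's entropy estimate; anything non-numeric is "unknown".
    bits=unknown
    if [ -r "$entropy_file" ]; then
        bits=$(cat "$entropy_file")
    fi
    case $bits in
        ''|*[!0-9]*) bits=unknown ;;
    esac

    if [ -s "$params" ]; then
        # Non-empty params file: the daily cron removal has been recovered from.
        verdict=ok state=present
    elif [ "$bits" = unknown ]; then
        verdict=check-manually state=missing
    elif [ "$bits" -lt "$min_bits" ]; then
        # File is gone and the pool is nearly empty: consistent with exim
        # blocking on /dev/random while generating the parameters.
        verdict=entropy-starved state=missing
    else
        # File is gone but entropy is available: look elsewhere (for
        # example the "exim4 -bd -d" debug run described in the reply).
        verdict=regen-pending state=missing
    fi
    echo "$verdict params=$state entropy_bits=$bits"
}

# Run against the live system paths when executed directly.
check_gnutls_params "$@"
```

Run it right after /etc/cron.daily/exim4-base has removed the file and again while a STARTTLS client is hanging; a repeated `entropy-starved` result supports the /dev/random explanation.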