Bug#338319: [338319] exim4: no entropy on starting

Marc Haber mh+debian-packages at zugschlus.de
Sat Oct 7 16:51:12 UTC 2006


On Sun, Aug 27, 2006 at 11:09:55PM +0200, Ben Collins wrote:
> IMO, the best way to handle this would be just like sshd. It does not
> generate an RSA on first connection, it does it when the package is
> installed.
> 
> Either generate this initial key at install, or detect that TLS is
> enabled in the init script and generate it if it doesn't exist.

I am not sure whether this is going to work. Generating dh_parameters
is very fast if enough entropy is available, so in case that enough
entropy is available, we don't need to bother and can have exim
generate them on first connection.

If not enough entropy is available, generating dh_parameters is going
to take a looooooong time, so we'd either have a long delay on package
installation (in which case exim is not going to be available any
earlier), or we'd send the dh_parameters generation in the background
which will cause exim to generate the dh_parameters on first
connection, resulting in exim being unavailable until the
dh_parameters have been built.

Frankly, I don't see a gain in generating the dh_parameters on package
installation or from the init script. Am I missing something?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Tel: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
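
The trade-off discussed in this message, sketched as an init-script helper. This is an added example, not code from the exim4 package or from either poster. The function names, `ENTROPY_FILE`, `MIN_ENTROPY` and the threshold value are assumptions, and the generator command is supplied by the caller and must write the parameters to stdout.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of exim4 or its Debian packaging).
# Assumptions: the kernel's entropy estimate is readable from ENTROPY_FILE and
# MIN_ENTROPY is an arbitrary illustrative threshold.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_ENTROPY="${MIN_ENTROPY:-256}"

# Print the action to take for the DH parameter file $1:
#   keep          a non-empty file already exists
#   generate-now  enough entropy, generation will be quick
#   defer         pool is low, generating here would only stall install/startup
dh_plan() {
    params="$1"
    if [ -s "$params" ]; then echo keep; return 0; fi
    avail=$(cat "$ENTROPY_FILE" 2>/dev/null) || avail=0
    case "$avail" in ''|*[!0-9]*) avail=0 ;; esac   # unreadable or garbage: treat as low
    if [ "$avail" -ge "$MIN_ENTROPY" ]; then echo generate-now; else echo defer; fi
}

# Run the generator command ($2...) with stdout captured in a temp file next to
# $1, then rename it into place so the daemon never reads a half-written file.
dh_generate() {
    params="$1"; shift
    tmp=$(mktemp "${params}.XXXXXX") || return 1
    if "$@" > "$tmp" && [ -s "$tmp" ]; then
        chmod 600 "$tmp" && mv -f "$tmp" "$params"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Entry point for an init or postinst script: dh_ensure FILE GENERATOR [ARGS...]
dh_ensure() {
    params="$1"; shift
    case "$(dh_plan "$params")" in
        keep) return 0 ;;
        generate-now) dh_generate "$params" "$@" ;;
        defer)
            echo "entropy low: leaving DH parameter generation to the first TLS connection" >&2
            return 0 ;;
    esac
}
```

Recent Linux kernels report a fixed value in `entropy_avail` once the pool is initialised, so the `defer` branch mainly applies to systems behaving like the one in this 2006 report.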



