Bug#338319: [338319] exim4: no entropy on starting
Marc Haber
mh+debian-packages at zugschlus.de
Sun Oct 8 00:59:37 UTC 2006
On Sat, Oct 07, 2006 at 06:55:09PM -0400, Ben Collins wrote:
> On Sat, 2006-10-07 at 18:51 +0200, Marc Haber wrote:
> > Frankly, I don't see a gain in generating the dh_parameters on package
> > installation or from the init script. Am I missing something?
>
> The benefit is that during installation, people expect things to be
> down. When it's installed, people don't expect their smtp server to
> start timing because of lack of entropy.

With gnutls-bin or openssl installed, dh-params are generated
asynchronously, so the only time where no dh-params are available is
right after installation.

> If I installed the package, and it asked for entropy then (or did
> it when exim first started up) then you know there's a delay, and you
> know why, and it gives you the opportunity to create this entropy
> without worrying about things like an smtp connection timing out.
>
> The bad thing about it happening when first connection occurs is that if
> the smtp connection times out, all of that entropy it got already is
> thrown away. The next connection starts the process again, most likely
> with zero entropy at that point.

If an exim starts creating its own dh-params while the first
asynchronous dh-param generation is already running, you have multiple
processes competing over the precious entropy while both are trying to
accomplish the same.

> You should not have to jigger a setup like this.

Agreed, but I don't see an acceptable fix at the moment.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835