Bug#338319: [338319] exim4: no entropy on starting

Marc Haber mh+debian-packages at zugschlus.de
Sun Oct 8 00:59:37 UTC 2006


On Sat, Oct 07, 2006 at 06:55:09PM -0400, Ben Collins wrote:
> On Sat, 2006-10-07 at 18:51 +0200, Marc Haber wrote:
> > Frankly, I don't see a gain in generating the dh_parameters on package
> > installation or from the init script. Am I missing something?
> 
> The benefit is that during installation, people expect things to be
> down. When it's installed, people don't expect their smtp server to
> start timing because of lack of entropy.

With gnutls-bin or openssl installed, dh-params are generated
asynchronously, so the only time where no dh-params are available is
right after installation.

> If I installed the package, and it asked for entropy then (or did
> it when exim first started up) then you know there's a delay, and you
> know why, and it gives you the opportunity to create this entropy
> without worrying about things like an smtp connection timing out.
> 
> The bad thing about it happening when first connection occurs is that if
> the smtp connection times out, all of that entropy it got already is
> thrown away. The next connection starts the process again, most likely
> with zero entropy at that point.

If an exim starts creating its own dh-params while the first
asynchronous dh-param generation is already running, you have multiple
processes competing over the precious entropy while both are trying to
accomplish the same.

> You should not have to jigger a setup like this.

Agreed, but I don't see an acceptable fix at the moment.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
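The race described in the reply above, where an asynchronous dh-param generator and a freshly started daemon both try to produce parameters and compete for the same entropy, can be prevented with a single-writer guard around the generation step. This is an added example, not code from the exim4 package or from anyone in this thread; the target path and the generator command are assumed parameters, and the lock is a directory created with mkdir rather than flock(1) so it works in plain POSIX sh.

```shell
#!/bin/sh
# Added example: generate DH parameters exactly once, even when several
# processes (a background generator, an init script, a daemon starting up)
# call this at the same time. Only the lock winner runs the generator, so
# there is never more than one process draining the entropy pool for this.
#
# Usage: gen_dh_params_once TARGET_FILE GENERATOR_COMMAND [ARGS...]
#   e.g. gen_dh_params_once /etc/exim4/dh_params openssl dhparam 2048
# Exit status: 0 if parameters are present afterwards (generated now or
# earlier), 2 if another generator currently holds the lock (the caller
# should NOT start its own), otherwise the generator's failure status.
gen_dh_params_once() {
    target=$1; shift
    lockdir="$target.lock"
    tmp="$target.tmp.$$"

    # Fast path: parameters already exist, nothing to do.
    [ -s "$target" ] && return 0

    # mkdir is atomic on POSIX filesystems: exactly one caller wins the lock.
    if ! mkdir "$lockdir" 2>/dev/null; then
        return 2
    fi

    # Re-check after taking the lock: the previous holder may have just finished.
    if [ -s "$target" ]; then
        rmdir "$lockdir"
        return 0
    fi

    # Write to a temporary file so readers never see a partially written file.
    "$@" > "$tmp"
    rc=$?
    if [ "$rc" -eq 0 ] && [ -s "$tmp" ]; then
        mv "$tmp" "$target"          # rename is atomic
    else
        rm -f "$tmp"
        [ "$rc" -eq 0 ] && rc=1      # generator "succeeded" but wrote nothing
    fi
    rmdir "$lockdir"
    return "$rc"
}
```

A caller that receives status 2 (for example the daemon's own startup path) should simply continue without parameters and let the already running generator finish, which is the behaviour the reply above is arguing for.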