author | Adriaan de Jong <dejong@fox-it.com> | 2012-04-02 09:28:03 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-04-27 23:33:27 +0200 |
commit | 0f25d2969f09ba4263dc37944e1f10405a2df461 (patch) | |
tree | 14cd353b6ed7f02b70f1b3636fa65bdde79a7518 /doc | |
parent | 6efeaa2e4462bc10f395d8aceed363c3e77b35a3 (diff) | |
Added a configuration option to enable prediction resistance in the PolarSSL random number generator.
Signed-off-by: Eelse-jan Stutvoet <stutvoet@fox-it.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1333351687-3732-2-git-send-email-dejong@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6213
Signed-off-by: David Sommerseth <davids@redhat.com>
Notes:
This patch was ACKed by James Yonan in an IRC meeting March 29, 2012.
Currently, the meeting minutes have not been made public.
(David Sommerseth, Fri Apr 27 21:36:04 UTC 2012)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/openvpn.8 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 53d6bdb..ee46de6 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3846,6 +3846,20 @@ space-saving optimization that uses the unique identifier for datagram replay protection as the IV. .\"********************************************************* .TP +.B \-\-use-prediction-resistance +Enable prediction resistance on PolarSSL's RNG. + +Enabling prediction resistance causes the RNG to reseed in each +call for random. Reseeding this often can quickly deplete the kernel +entropy pool. + +If you need this option, please consider running a daemon that adds +entropy to the kernel pool. + +Note that this option only works with PolarSSL versions greater +than 1.1. +.\"********************************************************* +.TP .B \-\-test-crypto Do a self-test of OpenVPN's crypto options by encrypting and decrypting test packets using the data channel encryption options |
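Review bot: The closing sentence of the new --use-prediction-resistance entry ("this option only works with PolarSSL versions greater than 1.1") does not say what a user sees when the condition is not met. Please state whether the option is rejected at startup or silently ignored when OpenVPN is built against an older PolarSSL or against a different crypto library, since a silently ignored hardening option leaves the operator believing the RNG reseeds when it does not. In the second paragraph, "reseed in each call for random" reads as truncated; "reseed on every call for random data" would be clearer. The warning that reseeding "can quickly deplete the kernel entropy pool" would also be more useful if it named the user-visible consequence of depletion and which entropy source the reseed draws from, so that the advice to run an entropy-adding daemon can be acted on.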