| author | rcritten <> | 2005-10-03 14:59:26 +0000 |
|---|---|---|
| committer | rcritten <> | 2005-10-03 14:59:26 +0000 |
| commit | 252fddba6cd7431db7cbd8a677bb52860ef5ba0a (patch) | |
| tree | 61870bc9bc6ff42f336a757fcffc4767627bd4b2 /docs/mod_nss.html | |
| parent | 98c66d1255fdb2fc60defa96a8eeaa7085c6f467 (diff) | |
Add support for seeding the NSS Random Number Generator. This adds
a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed
directive.
Diffstat (limited to 'docs/mod_nss.html')
| -rw-r--r-- | docs/mod_nss.html | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/docs/mod_nss.html b/docs/mod_nss.html index 7d6f5f1..71d1ada 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -249,7 +249,6 @@ to verify that the migration was successful.<br> <h1><a name="Directives"></a>Configuration Directives</h1> The following mod_ssl Directives are not applicable to mod_nss:<br> <ul> - <li>SSLRandomSeed</li> <li>SSLSessionCache</li> <li>SSLMutex</li> <li>SSLCertificateChainFile</li> @@ -371,6 +370,35 @@ The default value is 86400 (24 hours).<br> <br> <code>NSSSession3CacheTimeout 86400</code><br> <br> +<big><big>NSSRandomSeed</big></big><br> +<br> +Configures sources to seed the NSS Random Number Generator (RNG) at +startup. Currently this only supports seeding the RNG at startup. +<br> +<br> +The following sources are available:<br> +<ul> + <li><code>builtin:</code> Combines the current system time, the +current process id +and a randomly choosen 128-byte extract of the process stack. This is +not a particularly strong source of entropy.</li> + <li><code>file:/path/to/source:</code> Reads from the specified file. +If the number of bytes to read is specified it just reads that amount. +Be aware that some operating systems block on /dev/random if not enough +entropy is available. This means that the server will wait until that +data is available to continue startup. These systems generally offer a +non-blocking device as well, /dev/urandom.</li> + <li><code>exec:/path/to/program: Executes the given program and takes +the stdout of it as the entryop. If the bytes argument is included it +reads that many bytes, otherwise it reads until the program exits.</code><br> + </li> +</ul> +<span style="font-weight: bold;">Example</span><br> +<br> +<code>NSSRandomSeed startup builtin<br> +NSSRandomSeed startup /dev/urandom 512<br> +NSSRandomSeed startup /usr/bin/makerandom</code><br> +<br> <big><big>NSSEngine</big></big><br> <br> Enables or disables the SSL protocol. This is usually used within a |
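Review bot: In the Example block of the second hunk (the new NSSRandomSeed section), the lines `NSSRandomSeed startup /dev/urandom 512` and `NSSRandomSeed startup /usr/bin/makerandom` omit the `file:` and `exec:` prefixes that the source list directly above defines, so the example does not match the documented source syntax. If the prefixes are required, the example should read `file:/dev/urandom 512` and `exec:/usr/bin/makerandom`. In the same hunk, "choosen" and "entryop" are typos for "chosen" and "entropy", the `<code>` element in the `exec:` item wraps the whole description instead of only the source name, and the opening paragraph states "at startup" twice. The section also has no syntax line: the `startup` context argument and the optional byte count appear only in the example and in passing ("If the bytes argument is included"), so a reader cannot tell which arguments are mandatory. Since the text itself calls `builtin` "not a particularly strong source of entropy", it would help to state whether multiple NSSRandomSeed lines are cumulative, as the three-line example implies.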
