[Fedora-directory-commits] mod_nss/docs mod_nss.html,1.9,1.10

Robert Crittenden (rcritten) fedora-directory-commits at redhat.com
Mon Oct 3 14:59:29 UTC 2005


Author: rcritten

Update of /cvs/dirsec/mod_nss/docs
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11437/docs

Modified Files:
	mod_nss.html 
Log Message:
Add support for seeding the NSS Random Number Generator. This adds
a new directive, NSSRandomSeed, based on the mod_ssl SSLRandomSeed
directive.



Index: mod_nss.html
===================================================================
RCS file: /cvs/dirsec/mod_nss/docs/mod_nss.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- mod_nss.html	29 Sep 2005 19:35:44 -0000	1.9
+++ mod_nss.html	3 Oct 2005 14:59:26 -0000	1.10
@@ -249,7 +249,6 @@
 <h1><a name="Directives"></a>Configuration Directives</h1>
 The following mod_ssl Directives are not applicable to mod_nss:<br>
 <ul>
-  <li>SSLRandomSeed</li>
   <li>SSLSessionCache</li>
   <li>SSLMutex</li>
   <li>SSLCertificateChainFile</li>
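Review bot: removing SSLRandomSeed from the "not applicable" list is the right move now that an equivalent directive exists, but this list is exactly where a mod_ssl user migrating a config will look, and the removal leaves no pointer to where the functionality went. Consider adding a one-line note next to this list (or at its head) saying that SSLRandomSeed is replaced by NSSRandomSeed, which the same patch documents in the directive section, so the reader does not have to diff two versions of the page to find the mapping.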
@@ -371,6 +370,35 @@
 <br>
 <code>NSSSession3CacheTimeout 86400</code><br>
 <br>
+<big><big>NSSRandomSeed</big></big><br>
+<br>
+Configures sources to seed the NSS Random Number Generator (RNG) at
+startup.&nbsp; Currently this only supports seeding the RNG at startup.
+<br>
+<br>
+The following sources are available:<br>
+<ul>
+  <li><code>builtin:</code> Combines the current system time, the
+current process id
+and a randomly choosen 128-byte extract of the process stack. This is
+not a particularly strong source of entropy.</li>
+  <li><code>file:/path/to/source:</code> Reads from the specified file.
+If the number of bytes to read is specified it just reads that amount.
+Be aware that some operating systems block on /dev/random if not enough
+entropy is available. This means that the server will wait until that
+data is available to continue startup. These systems generally offer a
+non-blocking device as well, /dev/urandom.</li>
+  <li><code>exec:/path/to/program: Executes the given program and takes
+the stdout of it as the entryop. If the bytes argument is included it
+reads that many bytes, otherwise it reads until the program exits.</code><br>
+  </li>
+</ul>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSRandomSeed startup builtin<br>
+NSSRandomSeed startup /dev/urandom 512<br>
+NSSRandomSeed startup /usr/bin/makerandom</code><br>
+<br>
 <big><big>NSSEngine</big></big><br>
 <br>
 Enables or disables the SSL protocol. This is usually used within a
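Review bot: the example block contradicts the syntax the list just described: the list documents `file:/path/to/source` and `exec:/path/to/program` as the source forms, yet the examples read `NSSRandomSeed startup /dev/urandom 512` and `NSSRandomSeed startup /usr/bin/makerandom` with no `file:` or `exec:` prefix. If the prefixes are required, the examples should be `NSSRandomSeed startup file:/dev/urandom 512` and `NSSRandomSeed startup exec:/usr/bin/makerandom` (the form mod_ssl's SSLRandomSeed uses, which the log message says this is based on); if they are optional, the list should say so and say how a bare path is interpreted. Smaller points in the same hunk: the `exec:` item wraps its entire description in `<code>` instead of just the source name, unlike the `builtin:` and `file:` items, so it will render as monospace prose; "choosen" should be "chosen" and "entryop" should be "entropy"; the second intro sentence ("Currently this only supports seeding the RNG at startup") merely repeats the first and could instead name what is not supported; and the `file:` item says what happens when a byte count is given but not what happens when it is omitted (read the whole file?), which matters for `/dev/random`, since the blocking warning right after it is only actionable if the reader knows how much will be read.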
