PEP #: 35
TITLE: Add support for /dev/random in SSLContext
Version: 1.1
Authors: Nag Boranna
State: Review
Type: Functionality enhancement
Created: February 14, 2003
Version History:
Version | Date | Authors | Reason |
1.0 | 02/14/03 | Nag Boranna | Initial proposal |
1.1 | 03/13/03 | Nag Boranna | Updated status |
Abstract: Pegasus currently takes a random file name as a parameter to SSLContext constructor and uses this random file to seed the PRNG (Pseudo-Random Number Generator). This is done only on platforms that do not have /dev/random available. On platforms that have /dev/urandom available, OpenSSL will try to seed the PRNG transparently. However, for better entropy it is a good idea to read the /dev/random directly. This PEP proposes the enhancement to use /dev/random on platforms that support it based on the compile time flag PEGASUS_USE_DEVRANDOM.
Problem:
Pegasus currently does not support use of /dev/random to seed the PRNG. OpenSSL will try to seed the PRNG transparently from /dev/urandom if available on the platform, otherwise the specified random file is used to seed the PRNG. This may result in less secure SSL connections.
Solution:
This PEP proposes modification of the Pegasus SSLContext class to allow the option of using /dev/random to seed the PRNG. If the flag PEGASUS_USE_DEVRANDOM is set and /dev/random is available, then /dev/random is used to seed the PRNG. Otherwise, if the flag PEGASUS_USE_DEVRANDOM is not set or /dev/random is not available the existing behavior is maintained.
Schedule:
Action | Planned | Actual | Comment |
PEP Submitted | 02/14/03 | 02/14/03 | |
PEP Reviewed | 02/21/03 | 02/21/03 | |
PEP Approved | 02/28/03 | 03/07/03 | |
Code Committed | 03/07/03 | 03/13/03 |