sect-Defensive_Coding-TLS-OpenSSL: Mention "openssl genrsa" entropy issue
parent
eff2f5c71f
commit
564ffc8014
1 changed files with 9 additions and 0 deletions
|
@ -185,6 +185,15 @@
|
|||
For instance, a verification failure in <command>openssl
|
||||
verify</command> result in an exit status of zero.
|
||||
</para>
|
||||
<para>
|
||||
OpenSSL command-line commands, such as <command>openssl
|
||||
genrsa</command>, do not ensure that physical entropy is used
|
||||
for key generation—they obtain entropy from
|
||||
<filename>/dev/urandom</filename> and other sources, but not
|
||||
from <filename>/dev/random</filename>. Keys generated by
|
||||
these tools should not be used in high-value, critical
|
||||
functions.
|
||||
</para>
|
||||
<para>
|
||||
The OpenSSL server and client applications (<command>openssl
|
||||
s_client</command> and <command>openssl s_server</command>)
|
||||
|
|
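Review bot: the last sentence of the new <para> ("Keys generated by these tools should not be used in high-value, critical functions.") tells the reader what to avoid but not what to do instead, and it leaves "high-value, critical" undefined. Suggest adding a sentence that names the recommended way to generate such keys, or a cross-reference to the section that covers it. It would also help to state when reading from /dev/urandom is actually a concern (for example, on a system whose kernel pool has not yet been seeded, such as at first boot), because "and other sources" gives the reader no way to judge the risk on their own system.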