Repository : http://git.fedorahosted.org/git/?p=secure-coding.git On branch : master >--------------------------------------------------------------- commit 564ffc80149307d0a99724e2689ed3a8816513bf Author: Florian Weimer <fweimer@xxxxxxxxxx> Date: Fri Apr 25 13:47:22 2014 +0200 sect-Defensive_Coding-TLS-OpenSSL: Mention "openssl genrsa" entropy issue >--------------------------------------------------------------- defensive-coding/en-US/Features-TLS.xml | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/defensive-coding/en-US/Features-TLS.xml b/defensive-coding/en-US/Features-TLS.xml index 936910d..f4da007 100644 --- a/defensive-coding/en-US/Features-TLS.xml +++ b/defensive-coding/en-US/Features-TLS.xml @@ -186,6 +186,15 @@ verify</command> result in an exit status of zero. </para> <para> + OpenSSL command-line commands, such as <command>openssl + genrsa</command>, do not ensure that physical entropy is used + for key generationâ??they obtain entropy from + <filename>/dev/urandom</filename> and other sources, but not + from <filename>/dev/random</filename>. Keys generated by + these tools should not be used in high-value, critical + functions. + </para> + <para> The OpenSSL server and client applications (<command>openssl s_client</command> and <command>openssl s_server</command>) are debugging tools and should <emphasis>never</emphasis> be
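Review bot: The added paragraph tells the reader what not to do ("Keys generated by these tools should not be used in high-value, critical functions") but not what to do instead, so the advice is not actionable; suggest closing the paragraph with the alternative, for example generating such keys on a system whose random pool is known to be seeded (or that has a hardware RNG), or with an application that reads its seed from a source the operator controls. The opening sentence ("do not ensure that physical entropy is used for key generation") also reads as if the device name were the problem; the practical risk is an unseeded or under-seeded pool at the moment the key is made (freshly installed hosts, early boot, cloned virtual machines), and phrasing it that way would make the recommendation easier to justify. Minor points: "OpenSSL command-line commands" is redundant ("OpenSSL command-line tools" reads better), and the dash in "generationâ??they" arrives mojibaked in this mail, so check that the file's encoding matches the XML declaration or use an entity such as `&mdash;` instead of a raw character.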
-- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security