* Sven Hartge:

> So, conclusion: No, the problem is not the gnutls-params file, but exim4
> using nearly each and every bit of entropy for a _single_ mail.

This is expected and is quite hard to fix properly. During your tests, did Exim hang?

> Using exim4+openssl does not cause this massive drain of entropy. (I have
> yet to test your patch to see if this also relieves the situation.)

It does not.

> Of course, regenerating the gnutls-params file every day depletes the pool
> even more

I don't think so. The pool is only 4096 bits large, and each TLS-using delivery process drains 120 * 5 * 8 = 4800 bits from it (because that's the way libgcrypt initializes its random number generator). In practice, this is always sufficient for generating a 512-bit RSA key. The problems begin when you're on a high-volume mail server and the delivery processes drain entropy so fast that the key generation fails to gather the needed number of bits in a reasonable time period.