Hacker News new | past | comments | ask | show | jobs | submit login

You'll usually run out of entropy before cpu usage becomes relevant with SSL processing, I've seen old versions of apache hang with little or no entropy to process SSL connections. I recommend some sort of RNG or a poor mans software version such as http://www.issihosts.com/haveged/



This comment really opened my eyes -- thank you! I am still a bit confused though. I think I was running out of entropy, but it seems nginx should use /dev/urandom, which supposedly doesn't block -- just becomes less random when entropy runs out. So is nginx set up to block when entropy is depleted and that is why this happens?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: