Hi Daniel,
thank you for integrating the changes in the stable branches, I could
have done it later as well.
One remark about the README change - in my opinion the krand and
fastrand should not be used in production. They will generate too weak
random numbers. Refer for example to this Wikipedia summary:
https://en.wikipedia.org/wiki/Random_number_generator_attack#Prominent_exam…
Many systems were broken by using insufficient random number generators.
So I think the documentation should indicate this as well.
Cheers,
Henning
On 07.10.19 at 15:11, Daniel-Constantin Mierla wrote:
Module: kamailio
Branch: master
Commit: 4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9
URL:
https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402ace…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2019-10-07T15:07:41+02:00
tls: docs - relocated the note about krand and fastrand from default value paragraph
- rephrased a bit to avoid eventual confusion they are not production ready
---
Modified: src/modules/tls/doc/params.xml
---
Diff:
https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402ace…
Patch:
https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402ace…
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 72d3278ed7..dc6494c2db 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1259,13 +1259,16 @@ end
<itemizedlist>
<listitem><para>krand - use internal kam_rand()
function</para></listitem>
<listitem><para>fastrand - use internal fastrand
function</para></listitem>
- <listitem><para>cryptorand - use internal cryptorand
function</para></listitem>
+ <listitem><para>cryptorand - use internal cryptorand (fortuna)
function</para></listitem>
</itemizedlist>
+ <para>
+ Note: the krand and fastrand engines are not recommended for use on
+ systems requiring strong security, as they may not generate numbers
+ with enough randomness.
+ </para>
<para>
The default value is empty (not set) for libssl v1.0.x or older, and
- "cryptorand" for libssl v1.1.x or newer. The krand and fastrand engines
are
- not recommended for production use, as they will not generate secure enough
- random numbers.
+ "cryptorand" for libssl v1.1.x or newer.
</para>
<example>
<title>Set <varname>rand_engine</varname>
parameter</title>
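Review bot: The added <para> note is weaker than the sentence it replaces in the default-value paragraph. The removed text said krand and fastrand are "not recommended for production use, as they will not generate secure enough random numbers"; the new note says they are "not recommended for use on systems requiring strong security, as they may not generate numbers with enough randomness". Since this is the tls module's rand_engine parameter, "systems requiring strong security" leaves readers room to decide the warning does not apply to them, and "may not" turns a definite statement into a possibility. Suggest keeping the categorical wording in the relocated note and pointing readers to cryptorand as the engine to use for TLS. Separately, the cryptorand list item now adds "(fortuna)" without saying what it refers to; a short phrase explaining the term would help readers who compare the three engines.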
_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
--
Kamailio Merchandising -
https://skalatan.de/merchandising/
Kamailio services -
https://skalatan.de/services
Henning Westerholt -
https://skalatan.de/blog/