[openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

silvioprog silvioprog at gmail.com
Mon Dec 12 17:46:12 UTC 2016

Finally I think I solved this problem! :-)

This is the patch I'm going to send to the `ssl_openssl_lib` authors:
http://pastebin.com/VgSpnwxB .

In short, I just removed the RAND_screen() call, generated a random buffer
using RAND_bytes() (based on
https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding via

Thanks a lot for the help, dudes! :-)

On Sun, Dec 4, 2016 at 12:01 AM, silvioprog <silvioprog at gmail.com> wrote:

> Thanks for sharing the links, I'm going to check them.
> The original code call RAND_screen() only once in the app initialization,
> so can I replace it by RAND_add()? (I'm newbie on SSL)
> I've noticed the application is just a HTTP client consuming some web
> services via HTTPS. It doesn't call explicitly any OpenSSL random function,
> so I think it uses the default OpenSSL configurations.
> On Sat, Dec 3, 2016 at 3:42 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> [...]
>> Also see https://wiki.openssl.org/index.php/Library_Initialization and
>> https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.
>> The short of it is, you should stop relying on auto-initialization of
>> the RNG, and seed it yourself with a call to `RAND_add`.
>> Jeff
Silvio Clécio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161212/3425b03b/attachment-0001.html>

More information about the openssl-users mailing list