Larry Ullman's Book Forums


Hello Larry,

I came across some questions when developing on localhost and enabling HTTPS. XAMPP's Apache configuration file, httpd-ssl.conf, has the following commented out:

#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

Looking up recommendations, I found out that I should enable the urandom library like so:

#SSLRandomSeed startup file:/dev/random  512
SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
SSLRandomSeed connect file:/dev/urandom 512

However, is there a reason why it is commented out? Maybe newer versions of PHP already implement it somehow, or the library was declared somewhere else, which means I shouldn't even be doing this myself? I ask this because the PHP manual says that session.hash_function and session.entropy_file were removed in some newer versions of PHP and the php.ini file.

My second question is: why is it 512 and not 256? I assume that the number indicates a SHA function to be used with PHP?


Just to clarify, this would be an Apache and XAMPP issue, not a PHP one: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslrandomseed

I assume XAMPP has them commented out by default b/c people may not be using these in particular, so they just have representative values. Personally I never spend any time worrying about the local SSL stuff as it's just a dev environment. As for the bytes argument, the more bytes the more secure but also the more processing required. You'd want this to be an appropriate value for all the parameters of your system. 

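Added example, not part of the original thread and not code from Apache or XAMPP: a small Python parser for the SSLRandomSeed lines quoted in the question, following the `SSLRandomSeed context source [bytes]` syntax from the mod_ssl documentation linked above. The function names and the sample text are constructed for illustration; the output shows that the trailing 512 is a count of bytes read from the source (4096 bits), not a hash function selector.

```python
import re

# Constructed sample: the edited httpd-ssl.conf lines quoted in the question.
SAMPLE_CONF = """\
#SSLRandomSeed startup file:/dev/random  512
SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
SSLRandomSeed connect file:/dev/urandom 512
"""

# Syntax per the mod_ssl documentation: SSLRandomSeed context source [bytes]
DIRECTIVE = re.compile(
    r"^\s*(?P<off>#)?\s*SSLRandomSeed\s+(?P<context>startup|connect)\s+"
    r"(?P<source>builtin|(?:file|exec|egd):\S+)(?:\s+(?P<bytes>\d+))?\s*$",
    re.IGNORECASE,
)

def parse_random_seed(conf_text):
    """Return one dict per SSLRandomSeed line, active or commented out."""
    entries = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, _, path = m.group("source").partition(":")
        entries.append({
            "line": lineno,
            "active": m.group("off") is None,  # a leading '#' disables the line
            "context": m.group("context").lower(),
            "kind": kind.lower(),
            "path": path or None,
            # The trailing number is a count of bytes to read from the source.
            "bytes": int(m.group("bytes")) if m.group("bytes") else None,
        })
    return entries

def active_seed_bits(conf_text):
    """Map each context to the seed bits requested by its active lines."""
    bits = {"startup": 0, "connect": 0}
    for e in parse_random_seed(conf_text):
        if e["active"] and e["bytes"]:
            bits[e["context"]] += e["bytes"] * 8
    return bits

if __name__ == "__main__":
    for entry in parse_random_seed(SAMPLE_CONF):
        print(entry)
    print(active_seed_bits(SAMPLE_CONF))
```
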