Allow alternate random number generators for SSL seed - DataDirect Connect - Products Enhancements - Progress Community

 DataDirect Connect

Allow alternate random number generators for SSL seed

Nature of request:

Request Connect ODBC and JDBC drivers to allow specification of the location of the random number generator to be used as a seed for SSL key generation for encryption.

Use case/rationale:

The drivers are hard-coded to use /dev/random for the generation of the random number used by SSL. In some instances the entropy required for /dev/random to return are low, and this causes a block on the call, resulting in unacceptable delays. Other random number generators use different sources for entropy, and don’t have the delays associated with /dev/random. Using these would be preferable for some people.

Evaluation of possible alternatives:

Creating a symbolic link from /dev/random to the desired random number generator is possible, but not encouraged in every environment. 

Status update

Accepted for delivery in Q1 2015. Initiative 186544.

  • We have a closed, tightly controlled security appliance environment with dependencies on /dev/random. It would be difficult if not impossible to use the symbolic link approach as it would apply to all components wholesale. Specifying which rn generator to use will ease the pressure/pain.

    Request a speedy positive resolution!

  • Could you provide us an update on the timeframe ? Any firm dates ?