Nature of request:
Request Connect ODBC and JDBC drivers to allow specification of the location of the random number generator to be used as a seed for SSL key generation for encryption.
The drivers are hard-coded to use /dev/random for the generation of the random number used by SSL. In some instances the entropy required for /dev/random to return are low, and this causes a block on the call, resulting in unacceptable delays. Other random number generators use different sources for entropy, and don’t have the delays associated with /dev/random. Using these would be preferable for some people.
Evaluation of possible alternatives:
Creating a symbolic link from /dev/random to the desired random number generator is possible, but not encouraged in every environment.
Accepted for delivery in Q1 2015. Initiative 186544.
We have a closed, tightly controlled security appliance environment with dependencies on /dev/random. It would be difficult if not impossible to use the symbolic link approach as it would apply to all components wholesale. Specifying which rn generator to use will ease the pressure/pain.
Request a speedy positive resolution!
Could you provide us an update on the timeframe ? Any firm dates ?