[erlang-questions] strange crypto error in R16B03

Andreas Schultz <>
Wed Apr 23 09:15:28 CEST 2014


Hi,

----- Original Message -----
> Hi all,
> 
> We are running R16B03 nodes (SuSE10SP1 maintained by our cloud vendor) which
> uses ibrowse to initiate https requests to remote services. We restart the
> nodes every week and they worked fine until recently.
> 
> Ever since the last 2 restarts we have been experiencing a number of failures
> on our servers, logs show the error is caused by crypto:generate_key/3 (dh)
> returning a single atom 'error'.
> 
> We observe the error may start to show up at arbitrary points in time, and
> once it starts to fail, all subsequent calls to crypto:generate_key/3 on
> that node returns 'error'. The only solution we found is to restart the
> node, on some occasions more than once.
> 
> I'm not familiar when the details of crypto, and counldn't find any
> solution/explanation for this error after some googling. Can anyone shed
> some light on how to deal with this problem?

Off the top my head I would say your box has exhausted /dev/random. Check
/proc/sys/kernel/random/entropy_avail for the amount available. OpenSSL
has an internal entropy pool, but reseeds it from /dev/random from time
to time. If it can't do that, it might fail in the way you see.

Andreas

> 
> PS the OpenSSL version installed is: 0.9.8a
> 
> 
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: 
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------- enabling your networks -------------------

Travelping GmbH               phone:         +49-391-819099229
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       
GERMANY                       web:   http://www.travelping.com

Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------



More information about the erlang-questions mailing list