[erlang-questions] strange crypto error in R16B03
Andreas Schultz
aschultz@REDACTED
Wed Apr 23 09:15:28 CEST 2014
Hi,
----- Original Message -----
> Hi all,
>
> We are running R16B03 nodes (SuSE10SP1 maintained by our cloud vendor) which
> uses ibrowse to initiate https requests to remote services. We restart the
> nodes every week and they worked fine until recently.
>
> Ever since the last 2 restarts we have been experiencing a number of failures
> on our servers, logs show the error is caused by crypto:generate_key/3 (dh)
> returning a single atom 'error'.
>
> We observe the error may start to show up at arbitrary points in time, and
> once it starts to fail, all subsequent calls to crypto:generate_key/3 on
> that node returns 'error'. The only solution we found is to restart the
> node, on some occasions more than once.
>
> I'm not familiar when the details of crypto, and counldn't find any
> solution/explanation for this error after some googling. Can anyone shed
> some light on how to deal with this problem?
Off the top my head I would say your box has exhausted /dev/random. Check
/proc/sys/kernel/random/entropy_avail for the amount available. OpenSSL
has an internal entropy pool, but reseeds it from /dev/random from time
to time. If it can't do that, it might fail in the way you see.
Andreas
>
> PS the OpenSSL version installed is: 0.9.8a
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
--
--
Dipl. Inform.
Andreas Schultz
email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073
------------------- enabling your networks -------------------
Travelping GmbH phone: +49-391-819099229
Roentgenstr. 13 fax: +49-391-819099299
D-39108 Magdeburg email: info@REDACTED
GERMANY web: http://www.travelping.com
Company Registration: Amtsgericht Stendal Reg No.: HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------
More information about the erlang-questions
mailing list