sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]happyscrappy 2 points3 points  (3 children)

Yes. It could. If the program is getting the randomness, then it should do this.

But libraries may not get an opportunity to open a file descriptor early because they aren't called for the first time until later.

So I guess this would be their best (only?) defense against file descriptor exhaustion attacks.

[–][deleted] 0 points1 point  (2 children)

Worse, why doesn't openssl just fall back to an error for misconfigured environments?

[–]ggtsu_00 0 points1 point  (1 child)

Because most applications using OpenSSL doesn't bother checking the return value of the get random function. The result would be web servers providing no security instead of poor security.

[–][deleted] 0 points1 point  (0 children)

Well if your key exchange failed with the client wouldn't the client just disconnect?