Re: Hundreds of crypto file descriptors for Apache httpd

To: netbsd-users%netbsd.org@localhost
Subject: Re: Hundreds of crypto file descriptors for Apache httpd
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Tue, 10 Mar 2020 14:58:26 -0000 (UTC)

frank%phoenix.owl.de@localhost (Frank Wille) writes:

>> Something is using /dev/crypto. openssl would do that, but only if
>> you configure it.

>Yes, our web-server is also listening on port 443 for several virtual hosts,
>so SSL is configured.

It's not just SSL. openssl has its own crypto routines and you would only
use /dev/crypto when you want to use some accelerator hardware that can only
be accessed by a kernel driver.

The problem here seems to be that the devcrypto engine is builtin and openssl
just loads every builtin engine with no knob to control that behaviour.

I think the only option you have now is to prevent access to /dev/crypto.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

Follow-Ups:
- Re: Hundreds of crypto file descriptors for Apache httpd
  - From: matthew sporleder

References:
- Re: Hundreds of crypto file descriptors for Apache httpd
  - From: Frank Wille

Prev by Date: Re: Virtio, Netbsd 9.0 and Virtualbox
Next by Date: Re: Hundreds of crypto file descriptors for Apache httpd
Previous by Thread: Re: Hundreds of crypto file descriptors for Apache httpd
Next by Thread: Re: Hundreds of crypto file descriptors for Apache httpd
Indexes:

Home | Main Index | Thread Index | Old Index