We currently run nginx on the majority of our internet-facing webservers
and we process a lot of SSL traffic. That’s a lot of SSL handshakes and
a lot of entropy required. To help with this, we’ve bought some USB
pseudo-random entropy generating keys. These basically give the server a
fast source of entropy, which can be accessed via /dev/random.
In Apache, the SSL configuration includes a directive ‘SSLRandomSeed’
which allows you to define a source for randomness, with the default
being ‘builtin’ which uses some Apache internals as a PRNG. It includes
options to use a filesystem location (/dev/random for example) or an egd
(entropy daemon) source.
Can anyone tell me where nginx SSL gets its entropy from by default and
whether it can be changed?