Thanks to wlanboy for bringing up haveged and this post:
Here is my story.
I run rsyslog as a central logging server that gets log data from two client VPSs via an SSL/TLS connection.
To enhance entropy I was using rngd with the following in the config file:
HRNGDEVICE=/dev/urandom
Everything worked fine except these occasional errors showing up in the logs:
GnuTLS error: Error in the push function.
rngd[2819]: block failed FIPS test 0x04
The first error was occurring right after log rotation on the central logging server. The actual error was reported by the rsyslog clients.
The failed FIPS test was random and coming from both the rsyslog server and clients.
Long story short, since switching to haveged both of the above errors have been eliminated.