Not Enough Entropy?

The moment when your TLS/SSL connection somehow just gets stuck.


When establishing a TLS/SSL connection somehow gets stuck, there is a good chance that you are simply lacking entropy. The tricky part is that you cannot find anything about this in the logs. If you experience similar problems on Linux, the first thing to check is whether there is enough entropy available.

cat /proc/sys/kernel/random/entropy_avail

If the number is below 1000, that might be the problem. It means that your system does not generate enough randomness for cryptographically secure communications, and it waits until there is.

An easy but terrible workaround is to only use the pseudo-random generator.

mv /dev/random /dev/random.old
ln -s /dev/urandom /dev/random

By definition these (pseudo) random numbers cannot be really random. Mouse movements, key presses, audio or video input or disk access can be sources for proper randomness.

There are dedicated daemons like haveged, egd, prngd or others that do just that. Unfortunately, on a virtual server your mileage may vary.
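
A small diagnostic for the checks described above, as an added example that is not part of the original post: it applies the 1000 threshold to entropy_avail and reports whether /dev/random has been replaced by a symlink, which is what the workaround leaves behind. The function names, the overridable PROC_RANDOM and RANDOM_DEV variables and the poolsize comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are overridable so the
# functions can be exercised against constructed files.
PROC_RANDOM="${PROC_RANDOM:-/proc/sys/kernel/random}"
RANDOM_DEV="${RANDOM_DEV:-/dev/random}"
THRESHOLD=1000   # rule of thumb from the text above

# Read a non-negative integer from file $1; print nothing if unreadable.
read_uint() {
    [ -r "$1" ] || return 0
    v=$(tr -d '[:space:]' < "$1")
    case "$v" in ''|*[!0-9]*) ;; *) echo "$v" ;; esac
}

# entropy_status DIR [LIMIT] -> ok | low | n/a | unknown
entropy_status() {
    limit="${2:-$THRESHOLD}"
    avail=$(read_uint "$1/entropy_avail")
    pool=$(read_uint "$1/poolsize")
    [ -n "$avail" ] || { echo unknown; return 0; }
    # Kernels whose pool is smaller than the limit (recent ones report
    # 256 bits) can never reach it, so "low" would be a false alarm.
    if [ -n "$pool" ] && [ "$pool" -lt "$limit" ]; then echo "n/a"
    elif [ "$avail" -lt "$limit" ]; then echo low
    else echo ok
    fi
}

# random_dev_status PATH -> symlink:<target> | device | missing
# A symlink here means the workaround above has been applied.
random_dev_status() {
    if [ -L "$1" ]; then echo "symlink:$(readlink "$1")"
    elif [ -c "$1" ]; then echo device
    else echo missing
    fi
}

report() {
    echo "entropy:     $(entropy_status "$PROC_RANDOM")"
    echo "/dev/random: $(random_dev_status "$RANDOM_DEV")"
}

report
```

A result of `n/a` means the 1000 rule of thumb cannot be applied on that kernel; `symlink:/dev/urandom` means the blocking device has been swapped out and should be restored once a proper entropy source is in place.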