[issue18747] Re-seed OpenSSL's PRNG after fork
Antoine Pitrou
report at bugs.python.org
Thu Aug 15 14:50:23 CEST 2013
Antoine Pitrou added the comment:
> The ssl module exposes OpenSSL's PRNG and advertises the API as secure
> CPRNG: http://docs.python.org/3/library/ssl.html#random-generation
AFAICT, Python's PRNG isn't reset after fork, so I don't think OpenSSL's
should be reset.
OTOH, multiprocessing does reseed the random module after fork, so it
should also do so for the ssl module if already loaded.
We may add a note in the ssl docs stating that it's better to reseed
after fork().
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18747>
_______________________________________
More information about the Python-bugs-list
mailing list