Page created: 15 Jul 2022 |
Page updated: 20 Jan 2023
To help diagnose the problem, the installer attempts to monitor available system entropy when setting up the server in FIPS 140-2-compliant mode and displays a warning message if entropy drops too low. Similarly, if the server is running in FIPS-compliant mode, it continuously monitors available system entropy and logs a warning message and raises an alarm if entropy drops low enough that the server is likely to become unresponsive.
If entropy exhaustion is a problem, the best options to address it include:
- If the server is running in a virtual machine or container, you might be able to configure it with access to the underlying host system’s entropy pool if that's not already the case.
- Install a hardware random number generator on the system and ensure that the server can access it even when running in a container or virtual machine.
- Install an entropy-supplementing daemon, such as rngd, to keep the OS-provided random number generator topped off and able to generate high-quality random data without blocking.