Logic behind the patch:

After each stage the PRNG is queried to see if it has sufficient random info. If so, it stops seeding randomness and gets on with the connections. (Note that this query is only available from openssl 0.9.5a on. With older versions it assumes not enough entropy has been acquired and continues boldly on.)

So, the logic:

  0) try /dev/urandom
  1) if on windows, use RAND_screen (supported all the way back to SSLeay)
  2) if not on windows
       If openssl 0.9.5a or greater, add EGD support as follows:
         If '-E socketname' specified, attempt to communicate to EGD attached to that socket.
         If stunnel was compiled with '--with-egd-socket=FILE' then try that one next.
  3) For all OS versions, grab random data from the following file(s)
       The file named with the '-R randfile' flag
       The filename in the environment variable $RANDFILE, or failing that $HOME/.rnd
       The filename specified with '--with-random' when stunnel was configured

Again, if sufficient entropy is available at any point along the way it stops gathering entropy, thus it doesn't needlessly deplete the entropy pool.

So as you can see it tries pretty much every damned way you could wish (or expect with OpenSSL/SSLeay) to get random data.

Flags:
  -B bytes      how many bytes to read from actual files
  -R randfile   file with random data to read
  -E socket     EGD socket

Configure flags:
  --with-random     extended to add this filename to the list of files searched
  --with-egd-sock   egd socket to use (assumed this is made available to everyone by root, etc)

This patch is backward compatible with SSLeay (and uses standard $RANDFILE and $HOME/.rnd files, convenient if you've already set these for the openssl command anyway) and includes the EGD support only if the ssl library of choice supports it, so it's still appropriate for folks with older versions of openssl and before.

Files modified:
  stunnel.c ssl.c stunnel.8.in common.h configure.in

Tested on solaris 2.7, linux, freebsd.
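The non-Windows seeding order from "Logic behind the patch", as an added model that is not code from the patch or from stunnel. It makes no OpenSSL calls: the pool is a plain counter, and the threshold, byte counts and the names seed_prng, sources_read and no_urandom are assumptions made for illustration.

```c
#include <stdio.h>

#define NEEDED 32  /* assumed threshold at which this model's status check passes */

struct source { const char *name; int bytes; };  /* bytes <= 0: source unavailable */

static int pool, reads;  /* stand-ins for PRNG state and a count of sources read */

/* Walk the sources in order and query status after each stage.
 * have_status = 0 models libraries older than openssl 0.9.5a: there is no
 * status query, so nothing confirms sufficiency and every source is read.
 * Returns the index of the source that completed seeding, or -1. */
int seed_prng(const struct source *src, int n, int have_status)
{
    int i;
    pool = reads = 0;
    for (i = 0; i < n; i++) {
        if (src[i].bytes <= 0)
            continue;                  /* missing file or socket: try the next */
        pool += src[i].bytes;
        reads++;
        if (have_status && pool >= NEEDED)
            return i;                  /* seeded: later sources stay untouched */
    }
    return -1;
}

int sources_read(void) { return reads; }

/* Constructed scenario: no /dev/urandom, the EGD socket given with -E answers. */
const struct source no_urandom[] = {
    { "/dev/urandom",            0 },
    { "-E socketname",          64 },
    { "--with-egd-socket",       0 },
    { "-R randfile",            64 },
    { "$RANDFILE or $HOME/.rnd", 64 },
    { "--with-random",          64 },
};

int main(void)
{
    int i = seed_prng(no_urandom, 6, 1);
    printf("with status query: stopped at %s after %d read(s)\n",
           i >= 0 ? no_urandom[i].name : "(end of list)", sources_read());
    seed_prng(no_urandom, 6, 0);
    printf("without status query: %d source(s) read\n", sources_read());
    return 0;
}
```

With the status query the walk ends at the first source that satisfies it, which is why the random files are never opened in this scenario; without it, every available source is consumed.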
How to patch your version: unpack the original stunnel-3.8.tar.gz file into a directory, cd to that dir, and run 'patch