[En-Nut-Discussion] local tcp port randomisation

Harald Kipp harald.kipp at egnite.de
Wed Jul 4 12:09:25 CEST 2012

Hi all,

On 04.07.2012 11:42, Bernd Walter wrote:
> On Tue, Jul 03, 2012 at 10:10:44PM -0400, Nathan Moore wrote:
>> I think that the distinction between random and undefined needs to be
>> made.  My guess is that most systems would produce very predictable values
>> for this.
> Undefined is that you don't know the value, but in fact undefined can
> also always be a static value.
> Random is defined as unpredictable and statistically even spread.
> Undefined completely fails on both points.

Thank you for your comments. That's probably all valuable information, specifically for the TLS development in 


But I'd suggest to open up a new thread, because we are losing the topic of this one. Please refer to the initial question that Michel Hendriks posted in 2005 and Ole brought back to our attention.

The comments probably do not mean "Unless we have an unpredictable random generator, we better leave the ephemeral port selection as it is and accept the failure that Michel described", or do they?


