Currently, the ZSK key generation (which defaults to RSA) uses the Havege algorithm from PolarSSL. As stated in , this can produce unsafe keys in certain environments.
Although the polarssl lib is upgraded to > v1.1.0, the code still needs to be adapted to use the new ctr_drbg algo instead of the havege algo. I think polarrsakeyinfra.cc is to be altered.
change polar RSA key generation from havege to ctr_drbg; suggested by…
… Luuk Hendriks, additional checking by Paul Bakker of PolarSSL. Closes #615
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2876 d19b8d6e-7fed-0310-83ef-9ca221ded41b
fixed in r2876, thanks!