When should a server call mbedtls_ctr_drbg_reseed?

Thank you for MbedTLS, we’ve used it to add https to our web server, but I am confused as to when mbedtls_ctr_drbg_reseed should be called.

Once, when the server starts up, along with mbedtls_net_init() and mbedtls_ssl_config_init() and the like.

Or every time we accept a new connection with mbedtls_net_accept(), along with mbedtls_ssl_setup() mbedtls_ssl_set_bio() and the like.

I hope this makes sense and you can answer.

Thank you
Daniel Webb

Hi @DanielWebb
Thank you for your question!

Accotrding to NIST 800-90A Table 3, the reseed interval for ctr_drbg should be 2^48.
this means that every 2^48 calls to mbedtls_ctr_drbg_random() with or without additional data, mbedtls_ctr_drbg_reseed() must be called, for security reasons. However, it may be called more frequently.
This is dependent on your product, and what is the expected life-cycle, and your architecture.
You can call the reseed function at startup, or you can call it at other initialization steps.
Other use cases are dependent on whether your application is multiprocess or multithreaded, and there are different entropy contexts for every process \ thread, for example.
I hope this answers your question
Mbed TLS Team member

Hi Ron,
Thanks for the information, that’s nice and clear.