2 - Do not allow OpenSSL engines to replace the PRNG, even when
3 HardwareAccel is set. The only default builtin PRNG engine uses
4 the Intel RDRAND instruction to replace the entire PRNG, and
5 ignores all attempts to seed it with more entropy. That's
6 cryptographically stupid: the right response to a new alleged
7 entropy source is never to discard all previously used entropy
8 sources. Fixes bug 10402; works around behavior introduced in
9 OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"