only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); once at startup. if there is value in calling it more than once at startup, it should be done explicitly rather than hidden in ssl_tmp_keys_init(). switch to ptemp pool when calling ssl_rand_seed() at startup.