Starting with the 1.0.2 release of OpenSSL*, RDRAND has been temporarily removed as a random number source. Future releases of OpenSSL will re-incorporate RDRAND, but will employ cryptographic mixing with OpenSSL's own software-based PRNG. While OpenSSL's random numbers will benefit form the quality of RDRAND, it will not have the same performance as RDRAND alone.
If you are running a high-volume SSL web server the speed advantages of RDRAND are probably desirable. An earlier case study on OpenSSL performance when RDRAND was the sole RNG source showed that speedups to the SSL handshake can lead to up to a 1% increase in the number of connections/second that could be handled by an SSL concentrator. Internal testing on the Xeon v3 family of processors shows that RDRAND can give an additional boost to AES bulk encryption as well since random numbers are used to generate IV's.
Fortuately, OpenSSL still provides access to RDRAND as a sole random number source via it's engine API: you just have to turn it on. If you are running an Apache* 2.4 web server with mod_ssl, this is very easy to do. The configuration directive, SSLCryptoDevice, tells mod_ssl which engines to initialize inside of OpenSSL. To enable RDRAND as a sole random number source, you would use the following directive:
Another advantage of doing this is that the digital random number generator that feeds RDRAND is autonomous and self-seeding, so you do not have to supply entropy to OpenSSL. This means you can use the 'builtin' entropy method in mod_ssl, which is the least CPU-intesive and most simplistic method, as the entropy generated by the sources is simply going to be ignored.
SSLRandomSeed startup builtin SSLRandomSeed connect builtin
Depending on your system architecture, you might even see slightly higher performance from one of the special device files such as /dev/zero.