tomcat-users mailing list archives

From: Chris Lear <chris.l...@laculine.com>
Subject: Re: FYI tomcat 100% load SSL
Date: Mon, 07 Aug 2006 11:26:08 GMT

* Oscar Mechanic wrote (07/08/06 12:04):
> For those of you who ever have this problem
> 
> Symptoms
> 
> 1) Cannot connect to tomcat after a period of time
> 2) Heavy load on startup
> 3) Various strangeness with SSL certs e.g. web browsers reject
> certs/incomplete TLS handshake
> 
> Observed case
> 
> Tomcat versions we tried: jakarta-tomcat-5.0.12 and jakarta-tomcat-5.5.17.
> We are using openssl to generate certs. OS is Linux 2.6.17 (newest) on
> our own distribution. After reboot tomcat works fine; modprobe random and
> we cannot connect to tomcat on SSL ports and the load goes high.
> 
> We don't know where the problem lies, i.e. in kernel/distro/tomcat/java,
> but one check you might think of taking if you see similar difficulties
> is to reboot without random module or rmmod and restart tomcat. We also
> tried 1.4 to 1.5_02 & 1.5_06 and still the same problem.
> 
> Sorry I can't be more specific but I am behind my deadline and it's
> working now. So no more /dev/random for this release. Been at this for a
> few days.

/dev/random blocks if it doesn't have enough entropy to produce
randomness. /dev/urandom doesn't, but is a bit less random as a result.
Some people link /dev/random to /dev/urandom to get round the problem.
But you can tell java to use urandom via a command-line switch
(-Djava.security.egd=file:/dev/urandom).

This could be the cause of the bug observed here. This might also be
interesting:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4705093

Chris
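
An added example, not part of either poster's message: a POSIX shell check that reports which entropy source a JVM option string selects through `-Djava.security.egd` and reads the Linux kernel's estimate from `/proc/sys/kernel/random/entropy_avail`. The function names, the `LOW_WATER` threshold and the choice to treat an unset property as the blocking `/dev/random` (following the reply above) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: does this JVM option string leave SecureRandom seeding
# exposed to a blocking /dev/random? LOW_WATER (bits) is an assumed threshold.
LOW_WATER=${LOW_WATER:-128}

# Print the value of the last -Djava.security.egd=... in the option string
# (a repeated -D property takes its last definition); empty if absent.
egd_source() {
    src=""
    set -f                      # no globbing while splitting the options
    for opt in $1; do
        case "$opt" in
            -Djava.security.egd=*) src=${opt#-Djava.security.egd=} ;;
        esac
    done
    set +f
    printf '%s\n' "$src"
}

# Print the kernel entropy estimate in bits, or "unknown" if unreadable.
entropy_bits() {
    f=${1:-/proc/sys/kernel/random/entropy_avail}
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; echo; else echo unknown; fi
}

# Print a verdict: ok | may-block | stalled-likely
# $1 = JVM options, $2 = entropy file (optional, for testing)
seed_verdict() {
    src=$(egd_source "$1")
    bits=$(entropy_bits "${2:-}")
    if [ "$src" = "file:/dev/urandom" ]; then
        echo ok
        return 0
    fi
    # Assumption: unset or any other value is treated as /dev/random.
    case "$bits" in
        ''|*[!0-9]*) echo may-block ;;
        *) if [ "$bits" -lt "$LOW_WATER" ]; then
               echo stalled-likely
           else
               echo may-block
           fi ;;
    esac
    return 1
}

# Check the options Tomcat's startup scripts pass to the JVM.
seed_verdict "${JAVA_OPTS:-} ${CATALINA_OPTS:-}" || true
```

A `stalled-likely` result lines up with the symptoms in the quoted report: the pool estimate is low and nothing redirects the JVM away from the blocking device.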
