tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Rees <dree...@gmail.com>
Subject TC7 very slow SessionIdGenerator SecureRandom initialization
Date Fri, 27 Jan 2012 20:23:53 GMT
I've been working on upgrading some Tomcat 5.5 servers to Tomcat 7
since 5.5 will be EOL soon.

One thing I noticed on one of my first upgrades is that TC7 can often
take a long time to start up due to slow initialization of the
SessionIdGenerator - it can take up to nearly 2 minutes!  It appears
to take longer if I restart TC7 quickly which seems to confirm that a
lack of entropy is the issue.

org.apache.catalina.util.SessionIdGenerator-: Creation of SecureRandom
instance for session ID generation using [SHA1PRNG] took [105,014]
milliseconds.

Now, Tomcat 5.5 never had this issue - did this change in between versions?

Google turns up lots of hits which suggest using
-Djava.security.egd=file:/dev/./urandom to work around the issue - but
I'd rather not give up security for start up speed.

It seems that something on the production server is leaving
/dev/random with insufficient entropy to generate data quickly - the
development system initializes fast enough that no message is logged.
Any suggestions on how to improve startup times without reducing
security?

Thanks

Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message