tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Rees <dree...@gmail.com>
Subject Re: TC7 very slow SessionIdGenerator SecureRandom initialization
Date Fri, 27 Jan 2012 23:00:52 GMT
On Fri, Jan 27, 2012 at 12:58 PM, Pid <pid@pidster.com> wrote:
> On 27/01/2012 20:23, David Rees wrote:
>> Google turns up lots of hits which suggest using
>> -Djava.security.egd=file:/dev/./urandom to work around the issue - but
>> I'd rather not give up security for start up speed.
>>
>> It seems that something on the production server is leaving
>> /dev/random with insufficient entropy to generate data quickly - the
>> development system initializes fast enough that no message is logged.
>> Any suggestions on how to improve startup times without reducing
>> security?
>
> Yes, actually, Tomcat 7.0 included improvements to the session ID
> generator code.  It now uses SecureRandom, which is /dev/urandom AFAIK.
>
> You can check, what does your %JAVA_HOME%/lib/security/java.security
> contain?  E.g.
>
>  securerandom.source=file:/dev/urandom

Hmm, yes, the systems I've checked running Java 1.7.0_02 list
/dev/urandom as the securerandom.source.

> Which version of 7.0 are you using?  It's not directly relevant, but the
> the config is here:
>
>  http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html

The latest, 7.0.25.

> If your OS is Linux:
>
>  cat /proc/sys/kernel/random/entropy_avail
>
> What is the output?

Even on the affected and non-affected systems, it reads around 150.

-Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message