-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Vince,
On 12/29/19 23:01, Vince Stewart wrote: > I started recently using my my java app with embedded Tomcat / > 8.0.28 on a debian VPS (DigitalOcean). > > Unfortunately, it can take up to 20 minutes to launch into action > from the time you start execution. The issue relates to "Creation > of SecureRandom instance ... using SHA1PRNG". Slowness has been > described and explained in Stackoverflow. > > My tomcat has otherwise been so reliable that I have had no > motivation to keep it upgraded. Can anyone advise if some change > will apply if I upgrade to the latest version 8. You'll probably find that a later Tomcat is less buggy/more reliable/secure, and faster. I have no specific metrics, but Tomcat 8.0 -> 8.5 removed a lot of cruft necessary to support the BIO connectors. The later versions have simpler code which will be less prone to bugs, edge cases, and also of course less code running per request, therefore better performance. Links to security reports can be found on the Tomcat home page. Comparing fixes in 8.5 versus those not mentioned AT ALL in the 8.90 changelog are likely to be (mild) vulnerabilities in your version of Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4LaU4ACgkQHPApP6U8 pFikNg/8DvwSDVC07hd4t3mARIw2EqOZRmUV923mOnaOs6hh6GzgXM2wNc55HdWb c7hktUKj0bKyy8nGDUa5jGaDEvVv8l3LPE5aqEUXc/dJsAKFXCJbHwFXUwGWRQRx DK/TmpsQx5HQr8z4kSWNOsjs3tGSndOXF0Cth/E6HeyyAoYEZ9IdZ2PrH7aIULk4 U+kJfKzRavRsOYnXOs48D52A4QpVRge0LfbOEaHVmfeEz3p/xbO25ftamM1wtJnY I101FENv2LuSB5BLRjNnvniF0X71341aBEMJgaTRcyBx/KcA/CFsZBwtD2MGQz98 oA3TeWBvzMlKdyWCXs5Vb8oYmwKRyIYdDFUVJwyL9IBGspRrEF2GqLUWY093BulF NjShFaOdOa+/FgYCqdxJJute/4o4MDB/9WkFe/zGYlRHTw9zPz9qTpxTIWrbksdM n017DhLzUvcxRgkNjIzwsiFtlTTU7H702z8QiYAH7//QqRzFyha3snqSn64Zf96F ZRLif9eTShtfrQtBJc4wSZGu4nd1lCfjRcBjKDyR4SB4FjbjnoOuCioATt2GL1tW bICAsVexCrVi4725RaUc7ignfF96oRwR/tuXFf2wqD9YPod6cQR2e5ophLvzyDng Fju3Xdw6mn0fkXEwbwyCiHGIolcDNnvSpa35ztR5ETvEAm4vEK8= =dZFM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org