-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Markus,
On 12/30/19 05:27, i...@flyingfischer.ch wrote:
> apt-get install haveged update-rc.d haveged defaults
>
> Increases entropy pool and there for reduces start up time for
> Tomcat.
I would argue that haveged reduces your security because it makes
/dev/random (a supposedly-secure source of entropy) behave like
/dev/urandom which is supposed to be sufficiently-random yet not
secure for things like generating keys.
You should use the right tool for the right job: use /dev/random for
keys (and let it take 20 minute if necessary) and /dev/urandom for
other uses.
- -chris
> Am 30.12.19 um 11:22 schrieb Rainer Jung:
>> It depends a bit on the major Java version you are using, but
>> have a look at this page:
>>
>> https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartU
p#HowToFasterStartUp-EntropySource
>>
>>
>>
>>
Regards,
>>
>> Rainer
>>
>> Am 30.12.2019 um 05:01 schrieb Vince Stewart:
>>> I started recently using my my java app with embedded Tomcat /
>>> 8.0.28 on a debian VPS (DigitalOcean).
>>>
>>> Unfortunately, it can take up to 20 minutes to launch into
>>> action from the time you start execution. The issue relates to
>>> "Creation of SecureRandom instance ... using SHA1PRNG".
>>> Slowness has been described and explained in Stackoverflow.
>>>
>>> My tomcat has otherwise been so reliable that I have had no
>>> motivation to keep it upgraded. Can anyone advise if some
>>> change will apply if I upgrade to the latest version 8.
>>>
>>> Otherwise, is there a configuration change I could employ.
>>>
>>> Many thanks,
>>
>> -
>>
>>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
>
> -
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4LaJIACgkQHPApP6U8
pFjeVA//QXVvuJUvLOIfTqWXsQvgwh1w4IIqDOZcRgCy3fbpdEWgv2oRkz6B0vNO
WwjQXR2PNyfTLjIq8pjiGQMH9AihX6rGal9IUJ6qGFVXBr2xqb0c+8XMy3nEKYlI
++YKoe4OuVX3xG0a+iozPY1fnHSTt05xGZo1WdTgPE1gmkWmF+J76OOeA5Gb8Yx6
57O+ok6yhmBj9sBD2QwKa4L4UZNAoObJS7fzYYrzdkhcRn545NISdYMV4hE5Va5K
8vfq2fO3eLMcRebYra5nAmaLovv4M3zJalpTHE4nOhJ+6HqcDV41TiS7HaHe/2+e
34bMjQlA0FIE7J1InfJCTamVPEw5F357WetYS0eLlhR26rFG1zz3ra5W9d3JNbW7
PNTQZhfJmE7ZarmN1WsUUSmkRPD0SNQYWcHJ3zgdUMl2AJoMDB9Eo/bn+mw4Ht23
vha4dUk1ePjsWD1eaAGBWYUswjvZ+wfUjkXOCTtFadO2LHzOdfRASg4UpYeKFOL9
KgazuTx9xssHrc5UfSlojoSSVohLFievhS1cGGzN8IEHWN1ZYcAoLUpGAE0sC8yf
NPyBaqiQfv+vYkiODXSnE80ivWr1m1McJAamNL469yJnqc6qPPGm3cOr4DMAVJWh
ktpDai+wXpS3YEciXkLIH9Dn7KNLzNr43M/uXFs5gLdm6LnKvSE=
=jdiM
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org