[ 
https://issues.apache.org/jira/browse/SOLR-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945454#comment-15945454
 ] 

Ishan Chattopadhyaya commented on SOLR-10352:
---------------------------------------------

bq. Just came to my mind what if we had non-blocking SecureRandom as a default 
in the startup scripts
My thought is that we should not change this by default, since /dev/random has 
been preferred by cryptographers and sysadmins for SSL. However, since the 
article argues that there are no downsides of using /dev/urandom, I think we 
can recommend that the user use that when the entropy is low. This could be 
included in the warning message from the script. What do you think?

> Low entropy warning in bin/solr script
> --------------------------------------
>
>                 Key: SOLR-10352
>                 URL: https://issues.apache.org/jira/browse/SOLR-10352
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Ishan Chattopadhyaya
>             Fix For: master (7.0), branch_6x
>
>         Attachments: SOLR-10352.patch
>
>
> We should add a warning in the startup script for Linux, if the output of the 
> following is below a certain threshold (maybe 300?). The warning could 
> indicate that features like UUIDField, SSL etc. might not work properly (or 
> be slow). As a hint, we could then suggest the user to configure a non 
> blocking SecureRandom (SOLR-10338) or install rng-tools, haveged etc.
> {quote}
> cat /proc/sys/kernel/random/entropy_avail
> {quote}
> Original discussion:
> https://issues.apache.org/jira/browse/SOLR-10338?focusedCommentId=15938904&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15938904



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
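
The check proposed in the issue description, sketched as an added example; it is not the attached SOLR-10352.patch and not code from bin/solr. The function names, the warning wording, and the file and threshold parameters are assumptions made for illustration.

```shell
# Added example, not the SOLR-10352 patch. All names here are hypothetical.
ENTROPY_FILE_DEFAULT=/proc/sys/kernel/random/entropy_avail
ENTROPY_THRESHOLD_DEFAULT=300   # the "maybe 300?" from the issue description

# entropy_status [FILE] [THRESHOLD]
# Prints "ok", "low" or "unknown". Always returns 0 so a startup script
# running under `set -e` is never aborted by the check itself.
entropy_status() {
  es_file=${1:-$ENTROPY_FILE_DEFAULT}
  es_threshold=${2:-$ENTROPY_THRESHOLD_DEFAULT}
  # Non-Linux hosts and some containers do not expose this file.
  if [ ! -r "$es_file" ]; then
    echo unknown
    return 0
  fi
  es_value=
  IFS= read -r es_value < "$es_file" || true
  # Refuse to compare anything that is not a plain non-negative integer.
  case $es_value in
    ''|*[!0-9]*) echo unknown; return 0 ;;
  esac
  if [ "$es_value" -lt "$es_threshold" ]; then
    echo low
  else
    echo ok
  fi
}

# warn_if_low_entropy [FILE] [THRESHOLD]
# Writes the hint from the issue to stderr when the pool is below threshold.
warn_if_low_entropy() {
  if [ "$(entropy_status "$@")" = low ]; then
    {
      echo "WARNING: available entropy is below ${2:-$ENTROPY_THRESHOLD_DEFAULT}."
      echo "  Features such as UUIDField and SSL might be slow or not work properly."
      echo "  Consider a non-blocking SecureRandom (see SOLR-10338) or install"
      echo "  rng-tools or haveged."
    } >&2
  fi
  return 0
}

# In a startup script, call once before launching the JVM:
#   warn_if_low_entropy
```

Recent Linux kernels cap `entropy_avail` at 256, so a fixed threshold of 300 would warn on every start there; that is why the threshold is a parameter rather than a constant.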
