Re: [OT] secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes
Vince,

On 12/29/19 23:01, Vince Stewart wrote:
> I started recently using my java app with embedded Tomcat /
> 8.0.28 on a debian VPS (DigitalOcean).
>
> Unfortunately, it can take up to 20 minutes to launch into action
> from the time you start execution. The issue relates to "Creation
> of SecureRandom instance ... using SHA1PRNG". Slowness has been
> described and explained in Stackoverflow.
>
> My tomcat has otherwise been so reliable that I have had no
> motivation to keep it upgraded. Can anyone advise if some change
> will apply if I upgrade to the latest version 8.

You'll probably find that a later Tomcat is less buggy/more
reliable/secure, and faster.

I have no specific metrics, but Tomcat 8.0 -> 8.5 removed a lot of
cruft necessary to support the BIO connectors. The later versions have
simpler code which will be less prone to bugs, edge cases, and also of
course less code running per request, therefore better performance.

Links to security reports can be found on the Tomcat home page.
Comparing fixes in 8.5 versus those not mentioned AT ALL in the 8.90
changelog are likely to be (mild) vulnerabilities in your version of
Tomcat.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes
Markus,

On 12/30/19 05:27, i...@flyingfischer.ch wrote:
> apt-get install haveged
> update-rc.d haveged defaults
>
> Increases entropy pool and therefore reduces start up time for
> Tomcat.

I would argue that haveged reduces your security because it makes
/dev/random (a supposedly-secure source of entropy) behave like
/dev/urandom which is supposed to be sufficiently-random yet not
secure for things like generating keys.

You should use the right tool for the right job: use /dev/random for
keys (and let it take 20 minutes if necessary) and /dev/urandom for
other uses.

-chris

> On 30.12.19 at 11:22, Rainer Jung wrote:
>> It depends a bit on the major Java version you are using, but
>> have a look at this page:
>>
>> https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource
>>
>> Regards,
>>
>> Rainer
>>
>> On 30.12.2019 at 05:01, Vince Stewart wrote:
>>> I started recently using my java app with embedded Tomcat /
>>> 8.0.28 on a debian VPS (DigitalOcean).
>>>
>>> Unfortunately, it can take up to 20 minutes to launch into
>>> action from the time you start execution. The issue relates to
>>> "Creation of SecureRandom instance ... using SHA1PRNG".
>>> Slowness has been described and explained in Stackoverflow.
>>>
>>> My tomcat has otherwise been so reliable that I have had no
>>> motivation to keep it upgraded. Can anyone advise if some
>>> change will apply if I upgrade to the latest version 8.
>>>
>>> Otherwise, is there a configuration change I could employ.
>>>
>>> Many thanks,
Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes
apt-get install haveged
update-rc.d haveged defaults

Increases entropy pool and therefore reduces start up time for Tomcat.

Markus

On 30.12.19 at 11:22, Rainer Jung wrote:
> It depends a bit on the major Java version you are using, but have a
> look at this page:
>
> https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource
>
> Regards,
>
> Rainer
>
> On 30.12.2019 at 05:01, Vince Stewart wrote:
>> I started recently using my java app with embedded Tomcat / 8.0.28
>> on a debian VPS (DigitalOcean).
>>
>> Unfortunately, it can take up to 20 minutes to launch into action
>> from the time you start execution. The issue relates to "Creation of
>> SecureRandom instance ... using SHA1PRNG". Slowness has been
>> described and explained in Stackoverflow.
>>
>> My tomcat has otherwise been so reliable that I have had no
>> motivation to keep it upgraded. Can anyone advise if some change
>> will apply if I upgrade to the latest version 8.
>>
>> Otherwise, is there a configuration change I could employ.
>>
>> Many thanks,
Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes
It depends a bit on the major Java version you are using, but have a
look at this page:

https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource

Regards,

Rainer

On 30.12.2019 at 05:01, Vince Stewart wrote:
> I started recently using my java app with embedded Tomcat / 8.0.28
> on a debian VPS (DigitalOcean).
>
> Unfortunately, it can take up to 20 minutes to launch into action
> from the time you start execution. The issue relates to "Creation of
> SecureRandom instance ... using SHA1PRNG". Slowness has been
> described and explained in Stackoverflow.
>
> My tomcat has otherwise been so reliable that I have had no
> motivation to keep it upgraded. Can anyone advise if some change
> will apply if I upgrade to the latest version 8.
>
> Otherwise, is there a configuration change I could employ.
>
> Many thanks,
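As an added example (not part of the original thread and not Tomcat code), this small Java diagnostic times the operation named in the log message quoted above: creating a SecureRandom with a given algorithm and forcing it to seed. It also prints the two JVM settings that select the seed source, so the result can be compared before and after a configuration change. The class name and the 10-second limit are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.*;

/** Added diagnostic example; class name and time limit are arbitrary choices. */
public class SecureRandomSeedTimer {

    /** Create a SecureRandom and force it to seed itself; return elapsed ms. */
    static long timeFirstUse(String algorithm) throws Exception {
        long start = System.nanoTime();
        SecureRandom sr = SecureRandom.getInstance(algorithm);
        sr.nextInt();   // first output triggers self-seeding
        return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    }

    public static void main(String[] args) throws Exception {
        String algorithm = args.length > 0 ? args[0] : "SHA1PRNG";
        long limitSeconds = 10;   // assumption: anything slower counts as blocked

        // java.security.egd (system property) takes precedence over
        // securerandom.source (security property) when both are set.
        System.out.println("java.version        = "
                + System.getProperty("java.version"));
        System.out.println("securerandom.source = "
                + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd   = "
                + System.getProperty("java.security.egd"));

        // Run in a daemon thread so a blocked seed read cannot hang this tool.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "seed-timer");
            t.setDaemon(true);
            return t;
        });
        Future<Long> result = pool.submit(() -> timeFirstUse(algorithm));
        try {
            long ms = result.get(limitSeconds, TimeUnit.SECONDS);
            System.out.println(algorithm + " ready after " + ms + " ms");
        } catch (TimeoutException e) {
            System.out.println(algorithm + " still waiting for seed after "
                    + limitSeconds + " s; seeding appears to be blocked");
            System.exit(1);
        }
        pool.shutdown();
    }
}
```

Run it with the same JVM and the same options as the application, since the seed source depends on both.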
secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes
I started recently using my java app with embedded Tomcat / 8.0.28 on a
debian VPS (DigitalOcean).

Unfortunately, it can take up to 20 minutes to launch into action from the
time you start execution. The issue relates to "Creation of SecureRandom
instance ... using SHA1PRNG". Slowness has been described and explained in
Stackoverflow.

My tomcat has otherwise been so reliable that I have had no motivation to
keep it upgraded. Can anyone advise if some change will apply if I upgrade
to the latest version 8.

Otherwise, is there a configuration change I could employ.

Many thanks,