Hash: SHA256


On 7/27/19 19:49, John Dale wrote:
> Greetings Everyone;
> A quick update to the folks who I have interacted with on the list 
> (you know who you are and I thank you).
> I got all of my applications and sites migrated from Tomcat 7.x.x
> to Tomcat 9.x running on Ubuntu 18.04 and Java 8.  Lots of fun work
> with the firewalls, databases, and email servers (DKIM, SPF, and
> DMARC are something else).
> Overall, I was kind of disappointed to find out that Java 11
> doesn't include activation and jax libs, but it sure was fast once
> I included these things in my lib folder.  That said, I thought it
> might be better to revert to Java 8, which bundles and unit tests
> these libraries.  So, that's what I did.
> But yikes .. the startup times are now very slow .. sometimes two 
> minutes.  I understand that this might relate to the need of the
> JVM to initialize for random number seeding.  Is this true?

What makes you say that? It might be correct, but you are just
providing a guess, here.

> What other strategies should I be looking at to make the bounce
> more zippy?  I deploy two smallish war files (<5MB, about 160KB
> Java Services code)

Note that the size of the code is largely irrelevant.

> I noticed several recommendations for different random number
> seeding strategies, but they came with warnings relative to the
> quality of encryption.  What else might be done that doesn't
> compromise encryption quality?

Most modern JVMs (on Linux) use /dev/urandom as a source of entropy by
default which is safe enough to use for probably everything but
long-loved encryption keys (e.g. multi-year-valid RSA/EC keys, PGP
keys, etc.). You probably shouldn't be generating long-lived keys of
these kinds from within a Tomcat-hosted application. /dev/urandom is
non-blocking so it shouldn't stall when grabbing entropy for things
like random-number seeding (which are used by Tomcat for both random
session-id generation and random TLS bulk-encryption keys.

> I would like to push back my Java 11 upgrade until I have a good 
> longer term strategy for jax and activation libraries.  Thoughts?

Why not simply bundle those required libraries with your application?

> Glad to have made it through the upgrade .. it really wasn't very 
> painful at all.

Glad to hear it wasn't painful.

- -chris
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to