On 27/01/2012 23:00, David Rees wrote:
> On Fri, Jan 27, 2012 at 12:58 PM, Pid <p...@pidster.com> wrote:
>> On 27/01/2012 20:23, David Rees wrote:
>>> Google turns up lots of hits which suggest using
>>> -Djava.security.egd=file:/dev/./urandom to work around the issue - but
>>> I'd rather not give up security for start up speed.
>>>
>>> It seems that something on the production server is leaving
>>> /dev/random with insufficient entropy to generate data quickly - the
>>> development system initializes fast enough that no message is logged.
>>> Any suggestions on how to improve startup times without reducing
>>> security?
>>
>> Yes, actually, Tomcat 7.0 included improvements to the session ID
>> generator code. It now uses SecureRandom, which is /dev/urandom AFAIK.
>>
>> You can check, what does your %JAVA_HOME%/lib/security/java.security
>> contain? E.g.
>>
>>   securerandom.source=file:/dev/urandom
>
> Hmm, yes, the systems I've checked running Java 1.7.0_02 list
> /dev/urandom as the securerandom.source.
>
>> Which version of 7.0 are you using? It's not directly relevant, but
>> the config is here:
>>
>>   http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html
>
> The latest, 7.0.25.
>
>> If your OS is Linux:
>>
>>   cat /proc/sys/kernel/random/entropy_avail
>>
>> What is the output?
>
> Even on the affected and non-affected systems, it reads around 150.

Hmm, low. So maybe an alternative is to try & increase the entropy
available. Finding the excessive consumer of entropy will be harder.

It's been a while since I had to address this: I think I installed
rng-tools, but I don't remember (& had to look that up).

p

> -Dave
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

--
[key:62590808]
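The checks asked for in this thread (the configured securerandom.source, a -Djava.security.egd override, and the kernel's entropy_avail) gathered into one shell script. This is an added example, not part of the original messages or of Tomcat; the function names and the low-entropy threshold of 200 are assumptions of the example, and the sample files are constructed.

```shell
# Added example. Paths and option strings are arguments, so the functions
# work on a live host or on constructed sample files.

# securerandom.source from a java.security file. Comment lines do not match;
# if the key is defined more than once, the last definition wins.
securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*//p' "$1" | tail -n 1
}

# Value of -Djava.security.egd=... in a JVM option string, empty if absent.
egd_override() {
    for opt in $1; do
        case "$opt" in
            -Djava.security.egd=*) printf '%s\n' "${opt#-Djava.security.egd=}" ;;
        esac
    done | tail -n 1
}

# The system property, when set, takes precedence over java.security.
effective_source() {   # $1 = JVM options, $2 = java.security path
    src=$(egd_override "$1")
    [ -n "$src" ] || src=$(securerandom_source "$2")
    printf '%s\n' "${src:-unset}"
}

# Succeeds when the kernel's entropy estimate is below the threshold.
# The default of 200 is an assumption of this example, not from the thread.
entropy_low() {        # $1 = entropy_avail path, $2 = threshold (optional)
    avail=$(cat "$1") || return 2
    [ "$avail" -lt "${2:-200}" ]
}

report() {             # $1 = JVM options, $2 = java.security, $3 = entropy_avail
    printf 'source=%s entropy_avail=%s\n' "$(effective_source "$1" "$2")" "$(cat "$3")"
    if entropy_low "$3"; then echo 'entropy pool is low'; fi
}

# Constructed sample input, using values of the kind quoted in the thread.
demo=$(mktemp -d)
echo 'securerandom.source=file:/dev/urandom' > "$demo/java.security"
echo 150 > "$demo/entropy_avail"
report '-Djava.security.egd=file:/dev/./urandom' "$demo/java.security" "$demo/entropy_avail"
rm -rf "$demo"

# On a live Linux host:
# report "$JAVA_OPTS" "$JAVA_HOME/lib/security/java.security" /proc/sys/kernel/random/entropy_avail
```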