On Fri, Jan 27, 2012 at 12:58 PM, Pid <p...@pidster.com> wrote:
> On 27/01/2012 20:23, David Rees wrote:
>> Google turns up lots of hits which suggest using
>> -Djava.security.egd=file:/dev/./urandom to work around the issue - but
>> I'd rather not give up security for start up speed.
>>
>> It seems that something on the production server is leaving
>> /dev/random with insufficient entropy to generate data quickly - the
>> development system initializes fast enough that no message is logged.
>> Any suggestions on how to improve startup times without reducing
>> security?
>
> Yes, actually, Tomcat 7.0 included improvements to the session ID
> generator code.  It now uses SecureRandom, which is /dev/urandom AFAIK.
>
> You can check, what does your %JAVA_HOME%/lib/security/java.security
> contain?  E.g.
>
>  securerandom.source=file:/dev/urandom

Hmm, yes, the systems I've checked running Java 1.7.0_02 list
/dev/urandom as the securerandom.source.

> Which version of 7.0 are you using?  It's not directly relevant, but
> the config is here:
>
>  http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html

The latest, 7.0.25.

> If your OS is Linux:
>
>  cat /proc/sys/kernel/random/entropy_avail
>
> What is the output?

Even on the affected and non-affected systems, it reads around 150.

-Dave
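
The checks discussed in this thread, combined into one script. This is an added example, not part of the original messages or of Tomcat. The function names and the sample file are constructed for illustration. It relies on the documented rule that the java.security.egd system property overrides securerandom.source from the java.security file.

```shell
#!/bin/sh
# Added example: report which seed source a JVM is configured to use.

# Print the last uncommented securerandom.source value in a java.security
# file. Commented-out lines are ignored; the last definition is reported.
configured_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Effective source for a given set of JVM options: a -Djava.security.egd=...
# option overrides whatever the java.security file says.
effective_source() {
    file=$1; shift
    egd=
    for arg in "$@"; do
        case $arg in
            -Djava.security.egd=*) egd=${arg#-Djava.security.egd=} ;;
        esac
    done
    if [ -n "$egd" ]; then printf '%s\n' "$egd"; else configured_source "$file"; fi
}

# Kernel entropy estimate (Linux only); prints "unknown" elsewhere.
entropy_avail() {
    f=/proc/sys/kernel/random/entropy_avail
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Constructed sample standing in for $JAVA_HOME/lib/security/java.security.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# securerandom.source=file:/dev/random
securerandom.source = file:/dev/urandom
EOF

echo "configured: $(configured_source "$sample")"
echo "with egd:   $(effective_source "$sample" -Xmx512m -Djava.security.egd=file:/dev/./urandom)"
echo "entropy:    $(entropy_avail)"
```

On a real host, pass the JVM's own java.security path and the options Tomcat is started with in place of the sample file and flags.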
