Posted to users@tomcat.apache.org by Oscar Mechanic <os...@ufomechanic.net> on 2006/08/07 13:04:58 UTC

FYI tomcat 100% load SSL

For those of you who ever have this problem

Symptoms

1) Cannot connect to tomcat after a period of time
2) Heavy load on startup
3) Various strangeness with SSL certs e.g. WEB browsers reject
certs/incomplete TLS handshake

Observed case

Tomcat versions we tried: jakarta-tomcat-5.0.12 and jakarta-tomcat-5.5.17.
We are using openssl to generate certs. OS is linux 2.6.17 (Newest) on
our own distribution. After reboot tomcat works fine; modprobe random and
we cannot connect to tomcat on SSL ports and the load goes high.

We don't know where the problem lies, i.e. in kernel/distro/tomcat/java,
but one check you might think of taking if you see similar difficulties
is to reboot without random module or rmmod and restart tomcat. We also
tried 1.4 to 1.5_02 & 1.5_06 and still the same problem.

Sorry I can't be more specific but I am behind my deadline and it's
working now. So no more /dev/random for this release. Been at this for a
few days.




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: FYI tomcat 100% load SSL

Posted by Chris Lear <ch...@laculine.com>.
* Oscar Mechanic wrote (07/08/06 12:04):
> For those of you who ever have this problem
> 
> Symptoms
> 
> 1) Cannot connect to tomcat after a period of time
> 2) Heavy load on startup
> 3) Various strangeness with SSL certs e.g. WEB browsers reject
> certs/incomplete TLS handshake
> 
> Observed case
> 
> Tomcat versions we tried: jakarta-tomcat-5.0.12 and jakarta-tomcat-5.5.17.
> We are using openssl to generate certs. OS is linux 2.6.17 (Newest) on
> our own distribution. After reboot tomcat works fine; modprobe random and
> we cannot connect to tomcat on SSL ports and the load goes high.
> 
> We don't know where the problem lies, i.e. in kernel/distro/tomcat/java,
> but one check you might think of taking if you see similar difficulties
> is to reboot without random module or rmmod and restart tomcat. We also
> tried 1.4 to 1.5_02 & 1.5_06 and still the same problem.
> 
> Sorry I can't be more specific but I am behind my deadline and it's
> working now. So no more /dev/random for this release. Been at this for a
> few days.

/dev/random blocks if it doesn't have enough entropy to produce
randomness. /dev/urandom doesn't, but is a bit less random as a result.
Some people link /dev/random to /dev/urandom to get round the problem.
But you can tell java to use urandom via a command-line switch
(-Djava.security.egd=file:/dev/urandom).

This could be the cause of the bug observed here. This might also be
interesting:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4705093

Chris
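
[Added example, not part of the original thread or of Tomcat.] A preflight
check for the condition described in the reply above: it reports whether the
JVM options already carry the java.security.egd switch and, if not, whether
the kernel entropy pool is low. ENTROPY_FILE, MIN_ENTROPY and the function
names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: preflight check for the blocking /dev/random condition.
# ENTROPY_FILE and MIN_ENTROPY are assumptions of this sketch, not Tomcat settings.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_ENTROPY="${MIN_ENTROPY:-200}"   # constructed threshold in bits, tune per host

# Print the value of -Djava.security.egd=... found in a JVM option string.
# Prints nothing if the switch is absent; if repeated, the last one is reported.
egd_source() {
    src=""
    set -f                          # no glob expansion while splitting options
    for opt in $1; do
        case "$opt" in
            -Djava.security.egd=*) src="${opt#-Djava.security.egd=}" ;;
        esac
    done
    set +f
    printf '%s' "$src"
}

# Classify a host/JVM combination:
#   nonblocking - the JVM is pointed at a urandom device
#   entropy-ok  - blocking source, but the pool currently holds enough bits
#   at-risk     - blocking source and a low or unreadable pool
entropy_risk() {
    case "$(egd_source "$1")" in
        file:*/urandom) echo nonblocking; return 0 ;;
    esac
    avail="$(cat "$ENTROPY_FILE" 2>/dev/null || true)"
    case "$avail" in
        ''|*[!0-9]*) echo at-risk; return 1 ;;   # cannot read pool: assume the worst
    esac
    if [ "$avail" -ge "$MIN_ENTROPY" ]; then
        echo entropy-ok; return 0
    fi
    echo at-risk; return 1
}

# Check the option variables that catalina.sh passes to the JVM.
entropy_risk "${JAVA_OPTS:-} ${CATALINA_OPTS:-}" || \
    echo "hint: add -Djava.security.egd=file:/dev/urandom to JAVA_OPTS" >&2
```

Run it in the same environment that starts Tomcat, so JAVA_OPTS and
CATALINA_OPTS have the values the server will actually see.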



Re: FYI tomcat 100% load SSL

Posted by Mark Thomas <ma...@apache.org>.
Oscar Mechanic wrote:
> For those of you who ever have this problem
> 

When starting a new thread (i.e. sending a message to the list about a
new topic) please do not reply to an existing message and change the
subject line. To many of the list archiving services and mail clients
used by list subscribers this makes your new message appear as part
of the old thread. This makes it harder for other users to find
relevant information when searching the lists.

This is known as thread hijacking and is behaviour that is frowned
upon on this list. Frequent offenders will be removed from the list.
It should also be noted that many list subscribers automatically
ignore any messages that hijack another thread.

The correct procedure is to create a new message with a new subject.
This will start a new thread.

Mark
tomcat-user-owner
