Posted to users@tomcat.apache.org by Vince Stewart <st...@gmail.com> on 2019/12/30 04:01:43 UTC

secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

I started recently using my Java app with embedded Tomcat / 8.0.28 on a
Debian VPS (DigitalOcean).

Unfortunately, it can take up to 20 minutes to launch into action from the
time you start execution. The issue relates to "Creation of SecureRandom
instance ... using SHA1PRNG".  Slowness has been described and explained on
Stack Overflow.

My Tomcat has otherwise been so reliable that I have had no motivation to
keep it upgraded.  Can anyone advise if some change will apply if I upgrade
to the latest version 8?

Otherwise, is there a configuration change I could employ?

Many thanks,  



--
Sent from: http://tomcat.10.x6.nabble.com/Tomcat-User-f1968778.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: [OT] secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Vince,

On 12/29/19 23:01, Vince Stewart wrote:
> I started recently using my Java app with embedded Tomcat /
> 8.0.28 on a Debian VPS (DigitalOcean).
> 
> Unfortunately, it can take up to 20 minutes to launch into action
> from the time you start execution. The issue relates to "Creation
> of SecureRandom instance ... using SHA1PRNG".  Slowness has been
> described and explained on Stack Overflow.
> 
> My Tomcat has otherwise been so reliable that I have had no
> motivation to keep it upgraded.  Can anyone advise if some change
> will apply if I upgrade to the latest version 8?

You'll probably find that a later Tomcat is less buggy/more
reliable/secure, and faster. I have no specific metrics, but Tomcat
8.0 -> 8.5 removed a lot of cruft necessary to support the BIO
connectors. The later versions have simpler code which will be less
prone to bugs, edge cases, and also of course less code running per
request, therefore better performance. Links to security reports can
be found on the Tomcat home page. Comparing fixes in 8.5 versus those
not mentioned AT ALL in the 8.90 changelog are likely to be (mild)
vulnerabilities in your version of Tomcat.

-chris


Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Markus,

On 12/30/19 05:27, info@flyingfischer.ch wrote:
> apt-get install haveged
> update-rc.d haveged defaults
> 
> Increases entropy pool and therefore reduces start up time for
> Tomcat.

I would argue that haveged reduces your security because it makes
/dev/random (a supposedly-secure source of entropy) behave like
/dev/urandom which is supposed to be sufficiently-random yet not
secure for things like generating keys.

You should use the right tool for the right job: use /dev/random for
keys (and let it take 20 minutes if necessary) and /dev/urandom for
other uses.

-chris



Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

Posted by "info@flyingfischer.ch" <in...@flyingfischer.ch>.
apt-get install haveged
update-rc.d haveged defaults

Increases entropy pool and therefore reduces start up time for Tomcat.

Markus




Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

Posted by Rainer Jung <ra...@kippdata.de>.
It depends a bit on the major Java version you are using, but have a 
look at this page:

https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource

Regards,

Rainer
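
Added example, not part of the original thread: a shell check of which seed source a JVM's SecureRandom will read, for the configuration question asked above. `java.security.egd` and `securerandom.source` are the JVM's real settings for this but are not named in the thread; the function names and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added diagnostic (not from the thread): report which seed source a JVM's
# SecureRandom will read, and whether that source can stall startup.

# Effective seed source: a -Djava.security.egd=... JVM option overrides the
# securerandom.source entry in the JRE's java.security file.
effective_seed_source() {
    local opts="$1" secfile="$2" src
    # If the option is given more than once, take the last occurrence.
    src=$(printf '%s\n' "$opts" | tr -s ' \t' '\n\n' |
          sed -n 's/^-Djava\.security\.egd=//p' | tail -n 1)
    if [ -z "$src" ] && [ -r "$secfile" ]; then
        # Commented-out entries (leading '#') do not match the anchored pattern.
        src=$(sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' \
              "$secfile" | tail -n 1)
    fi
    printf '%s\n' "${src:-unset}"
}

# Classify the source by its startup behaviour.
seed_source_behaviour() {
    case "$1" in
        file:/dev/random)    echo "may-block" ;;
        # Before Java 8 this exact spelling was treated like /dev/random for
        # seeding, hence the /dev/./urandom spelling used on older JVMs.
        file:/dev/urandom)   echo "version-dependent" ;;
        file:/dev/./urandom) echo "non-blocking" ;;
        unset)               echo "jvm-default" ;;
        *)                   echo "custom" ;;
    esac
}

# Constructed sample java.security content and JVM options (assumptions).
demo() {
    local f src opts
    f=$(mktemp)
    printf '%s\n' '#securerandom.source=file:/dev/urandom' \
                  'securerandom.source=file:/dev/random' > "$f"
    for opts in "-Xmx512m" "-Xmx512m -Djava.security.egd=file:/dev/./urandom"; do
        src=$(effective_seed_source "$opts" "$f")
        echo "[$opts] $src -> $(seed_source_behaviour "$src")"
    done
    rm -f "$f"
}
demo
```

On a real host, pass the JVM options string the application is started with and the path of the `java.security` file of the JRE in use.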
