You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2019/12/31 15:29:18 UTC
Re: [OT] secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Vince,
On 12/29/19 23:01, Vince Stewart wrote:
> I started recently using my my java app with embedded Tomcat /
> 8.0.28 on a debian VPS (DigitalOcean).
>
> Unfortunately, it can take up to 20 minutes to launch into action
> from the time you start execution. The issue relates to "Creation
> of SecureRandom instance ... using SHA1PRNG". Slowness has been
> described and explained in Stackoverflow.
>
> My tomcat has otherwise been so reliable that I have had no
> motivation to keep it upgraded. Can anyone advise if some change
> will apply if I upgrade to the latest version 8.
You'll probably find that a later Tomcat is less buggy/more
reliable/secure, and faster. I have no specific metrics, but Tomcat
8.0 -> 8.5 removed a lot of cruft necessary to support the BIO
connectors. The later versions have simpler code which will be less
prone to bugs, edge cases, and also of course less code running per
request, therefore better performance. Links to security reports can
be found on the Tomcat home page. Comparing fixes in 8.5 versus those
not mentioned AT ALL in the 8.90 changelog are likely to be (mild)
vulnerabilities in your version of Tomcat.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4LaU4ACgkQHPApP6U8
pFikNg/8DvwSDVC07hd4t3mARIw2EqOZRmUV923mOnaOs6hh6GzgXM2wNc55HdWb
c7hktUKj0bKyy8nGDUa5jGaDEvVv8l3LPE5aqEUXc/dJsAKFXCJbHwFXUwGWRQRx
DK/TmpsQx5HQr8z4kSWNOsjs3tGSndOXF0Cth/E6HeyyAoYEZ9IdZ2PrH7aIULk4
U+kJfKzRavRsOYnXOs48D52A4QpVRge0LfbOEaHVmfeEz3p/xbO25ftamM1wtJnY
I101FENv2LuSB5BLRjNnvniF0X71341aBEMJgaTRcyBx/KcA/CFsZBwtD2MGQz98
oA3TeWBvzMlKdyWCXs5Vb8oYmwKRyIYdDFUVJwyL9IBGspRrEF2GqLUWY093BulF
NjShFaOdOa+/FgYCqdxJJute/4o4MDB/9WkFe/zGYlRHTw9zPz9qTpxTIWrbksdM
n017DhLzUvcxRgkNjIzwsiFtlTTU7H702z8QiYAH7//QqRzFyha3snqSn64Zf96F
ZRLif9eTShtfrQtBJc4wSZGu4nd1lCfjRcBjKDyR4SB4FjbjnoOuCioATt2GL1tW
bICAsVexCrVi4725RaUc7ignfF96oRwR/tuXFf2wqD9YPod6cQR2e5ophLvzyDng
Fju3Xdw6mn0fkXEwbwyCiHGIolcDNnvSpa35ztR5ETvEAm4vEK8=
=dZFM
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org