Slow startup SecureRandom?

225 views
Skip to first unread message

Curtis Ruck

unread,
Jul 31, 2018, 4:44:43 PM7/31/18
to CAS Community
Has anyone seen messages like this, which the symptoms are a very slow startup/service warmup (if idle for a while).

2018-07-31 16:40:53,793 WARN [org.apache.catalina.util.SessionIdGeneratorBase] - <Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [28,394] milliseconds.>
2018-07-31 16:40:53,794 WARN [org.apache.catalina.util.SessionIdGeneratorBase] - <Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [28,395] milliseconds.>
 

Curtis Ruck

unread,
Jul 31, 2018, 4:58:46 PM7/31/18
to CAS Community
turns it out it was because java pulls from /dev/random which didn't have enough entropy.  I've configured rngd to generate entropy, other options are pointing SecureRandom to /dev/urandom through system properties.

William E.

unread,
Aug 1, 2018, 12:06:08 PM8/1/18
to CAS Community
We install haveged on our linux servers that are vm's.

David Curry

unread,
Aug 1, 2018, 12:16:22 PM8/1/18
to cas-...@apereo.org
We also install haveged. Haven't had any issues with it.

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9515e4ca-46cd-466e-9462-00a9150cbdbb%40apereo.org.
Reply all
Reply to author
Forward
0 new messages