Slow startup Tomcat because of SecureRandom

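Today, when I started a Tomcat application on a new machine, startup was extremely slow. Checking the logs turned up the following message: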

Jan 09, 2018 8:44:35 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [239,939] milliseconds.

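Initializing SecureRandom took 239,939 milliseconds here; I had never run into this problem before. After some searching, I found it covered on the official wiki: https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Entropy_Source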

Entropy Source
Tomcat 7+ heavily relies on SecureRandom class to provide random values for its session ids and in other places. Depending on your JRE it can cause delays during startup if entropy source that is used to initialize SecureRandom is short of entropy. You will see warning in the logs when this happens, e.g.:

<DATE> org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [5172] milliseconds.
There is a way to configure JRE to use a non-blocking entropy source by setting the following system property: -Djava.security.egd=file:/dev/./urandom

Note the “/./” characters in the value. They are needed to work around known Oracle JRE bug #6202721. See also JDK Enhancement Proposal 123. It is known that implementation of SecureRandom was improved in Java 8 onwards.

Also note that replacing the blocking entropy source (/dev/random) with a non-blocking one actually reduces security because you are getting less-random data. If you have a problem generating entropy on your server (which is common), consider looking into entropy-generating hardware products such as “EntropyKey”.

Solution

Based on the official wiki, the fix is to add the following to Tomcat's startenv.sh script:

-Djava.security.egd=file:/dev/./urandom

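However, the Tomcat wiki mentions that using the non-blocking /dev/urandom carries some security risk. To be honest, I did not understand that part, but there is an article, Myths about /dev/urandom, written to show that using /dev/urandom is fine, so I will just use it for now :-)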
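
To confirm the delay and to check that the option is actually in place, the following added example (not from the original post or the Tomcat project) scans log text for the SecureRandom timing message and classifies the java.security.egd value found in a JVM option string. The function names, the 1000 ms threshold and the third sample log line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample log are illustrative.

# Print "<milliseconds> <algorithm>" for every SecureRandom creation message
# read from stdin; thousands separators ("239,939") are removed.
securerandom_ms() {
    sed -n 's/.*Creation of SecureRandom instance for session ID generation using \[\([^]]*\)] took \[\([0-9,]*\)] milliseconds.*/\2 \1/p' |
        tr -d ','
}

# Print creations that took at least $1 ms; exit status 0 only if any did.
slow_starts() {
    securerandom_ms |
        awk -v limit="$1" '$1 + 0 >= limit + 0 { print; hit = 1 } END { exit !hit }'
}

# Classify the java.security.egd value inside a JVM option string such as
# CATALINA_OPTS. If the option is repeated, the last occurrence is used.
egd_status() {
    value=$(printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^-Djava\.security\.egd=//p' | tail -n 1)
    case "$value" in
        '')                  echo unset ;;
        file:/dev/./urandom) echo ok ;;
        file:/dev/urandom)   echo missing-dot-slash ;;  # wiki: "/./" is needed
        *)                   echo "other:$value" ;;
    esac
}

# Two messages from this page plus one constructed fast start.
SAMPLE_LOG='INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [239,939] milliseconds.
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [5172] milliseconds.
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [112] milliseconds.'

# Stand-alone run: flag anything over one second, then check the option.
printf '%s\n' "$SAMPLE_LOG" | slow_starts 1000
egd_status "-Xmx512m -Djava.security.egd=file:/dev/./urandom"
```

Against a real instance, pipe the Tomcat log into slow_starts and pass the JVM option string that the start script sets to egd_status.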

About the "entropy source"

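The article "JVM上的随机数与熵池策略" (Random Numbers and Entropy Pool Strategies on the JVM) explains this quite clearly; I recommend reading it.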


2 replies to Slow startup Tomcat because of SecureRandom

  1. https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html gives the same explanation.

    Root Cause
    Random numbers are a cryptographic primitive – a building block for cryptographic protocols. For example, in SSL connections, the bulk of the data is encrypted using a symmetric encryption. The communicating parties (client and server) negotiate a symmetric encryption algorithm to be used as well as a key to be used for that algorithm. This session key is a randomly generated one. It is exchanged securely between the parties through the use of public key cryptography.

    The Linux kernel facilitates random number generation through two devices: /dev/random and /dev/urandom with different properties:

    /dev/random “should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered” (random(4)).
    /dev/urandom will not block, but the quality of its randomness may be lower.
    The kernel maintains an entropy pool for these devices. The entropy pool is fed by entropy sources of the system, typically coming from the keyboard, the mouse, and some other device drivers or IRQs. Entropy from the entropy pool is consumed in the generation of random data (i.e. through reads from /dev/random and /dev/urandom).

    • Awesome, you are a legend!
