Other |
---|
5.0 tigerFixed |
Duplicate :
|
|
Duplicate :
|
|
Relates :
|
|
Relates :
|
Name: gm110360 Date: 06/20/2002 FULL PRODUCT VERSION : > java -version java version "1.4.0" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92) Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode) FULL OPERATING SYSTEM VERSION : [fjo@maren jObj]$ uname -r -s -p Linux 2.4.9-34 unknown On intel pIII A DESCRIPTION OF THE PROBLEM : I'm using SSL to access a webbserver and https:// urls, which is now available by default and use the com.sun.net.ssl package I believe. The problem is that the SecureRandom number generator which is used to create the connection is seeded from the blocking random device /dev/random. This causes an application using SSL urls to hang anything from seconds to several minutes depending on how much randomness is available on the first access of a https url. I believe all linuxes has /dev/urandom today, and hopefully so will Solaris in the next versions (there is a patch for it). If SecureRandom was seeded from /dev/urandom instead the performance would increase incredibly. So basically, please use /dev/urandom prior to /dev/random if it exists. There are too many asking for randomness nowadays to use /dev/random. The increased security of using /dev/random for seeding must be rather negligible and right now the performance of setting up a connection is so bad that I may not be able to use SSL at all, which doesn't really improve security. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : 1.Use any api that accesses an url and access a https one. It is a documented "feature", I simply ask it to be resolved. REPRODUCIBILITY : This bug can be reproduced always. (Review ID: 153694) ======================================================================
|