@Andy: you can use FastNonSecureRandom to disable it, should be enough for applications not using the session
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2016-06-16 11:21 GMT+02:00 Rémy Maucherat <r...@apache.org>: > 2016-06-16 11:15 GMT+02:00 Andy Wilkinson <awilkin...@pivotal.io>: > > > I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an > > embedded servlet container. We've seen a number of complaints from users > > that their application hangs during startup, most often on a newly booted > > VPS. The root cause is a lack of entropy which causes Tomcat's use of > > SecureRandom for session ID generation to block. > > > > Users that choose to use Undertow rather than Tomcat aren't affected by > > this problem during startup. Like Tomcat, Undertow uses SecureRandom to > > generate session IDs. However, unlike Tomcat, Undertow does so lazily. > This > > defers the problem till the first request that uses a session and > > permanently if the application does not make use of HTTP sessions. > > > > Can we please explore the possibility of making Tomcat behave in a > similar > > way to Undertow? > > > > -1, I am against fake improvements. > > Rémy >
