On Thu, Jun 16, 2016 at 10:23 AM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote:
> @Andy: you can use FastNonSecureRandom to disable it, should be enough for > applications not using the session > Thanks for the suggestion. That's certainly an option, but it requires some configuration that I'd like to be unnecessary. Undertow's approach has the benefit that, without requiring any configuration changes, the cost of using SecureRandom is only paid by applications that need it. I find that very compelling. Andy
