Friday, April 24, 2015

/dev/random story reloaded

If the t3s protocol is used, SSL requires random numbers, so it is important to check the famous /dev/random story.
First, check whether the JVM is using /dev/random or /dev/urandom.
Running lsof -p PID | grep random shows which randomness source the JVM is using.
To check the performance of /dev/random on your specific machine, check how fast this command returns:
head -n 1 /dev/random
Check that you have:
-Djava.security.egd=file:/dev/./urandom

It should be configured in: /opt/java/jdk160_85-64b/jre/lib/security/java.security
See also http://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html
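
The checks above can be scripted. The following is an added example, not code from the original post: it parses a JVM's argument list and lsof output and reports whether java.security.egd matches the value recommended above. The sample arguments, PID and lsof lines are constructed, and live mode assumes a Linux /proc layout.

```shell
#!/bin/sh
# Added example (not from the original post): report a JVM's entropy settings.
WANT="file:/dev/./urandom"   # the value the post recommends

# stdin: one JVM argument per line. Prints the -Djava.security.egd value
# (the last one if the flag is repeated) or "unset".
egd_from_args() {
    egd=$(sed -n 's/^-Djava\.security\.egd=//p' | tail -n 1)
    echo "${egd:-unset}"
}

# stdin: output of `lsof -p PID`. Prints which random devices are open.
open_random_devices() {
    awk '$NF == "/dev/random"  { r = 1 }
         $NF == "/dev/urandom" { u = 1 }
         END { if (r && u) print "both"
               else if (r) print "random"
               else if (u) print "urandom"
               else print "none" }'
}

# $1 = egd value, $2 = open devices. OK only when egd matches $WANT.
report() {
    if [ "$1" = "$WANT" ]; then status=OK; else status=CHECK; fi
    echo "$status egd=$1 open=$2"
}

# Constructed sample input (hypothetical PID, user and server class).
SAMPLE_ARGS='java
-Xms512m
-Djava.security.egd=file:/dev/./urandom
weblogic.Server'
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    4242 wls    12r   CHR    1,8      0t0 1033 /dev/random
java    4242 wls    13r   CHR    1,9      0t0 1034 /dev/urandom'

check_sample() {
    report "$(printf '%s\n' "$SAMPLE_ARGS" | egd_from_args)" \
           "$(printf '%s\n' "$SAMPLE_LSOF" | open_random_devices)"
}

# Live mode: pass a JVM PID as the first argument; otherwise run the sample.
if [ -n "${1:-}" ] && [ -r "/proc/$1/cmdline" ]; then
    report "$(tr '\0' '\n' < "/proc/$1/cmdline" | egd_from_args)" \
           "$(lsof -p "$1" 2>/dev/null | open_random_devices)"
else
    check_sample
fi
```

A process can hold /dev/random open without reading from it, so treat the open= field as information to follow up on rather than a verdict.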
