Java ignores /dev/urandom or slow Tomcat SHA1PRNG SSL

Last Modified: Wed, 13 Apr 2011 23:08:07 +0000 ; Created: Wed, 13 Apr 2011 23:05:38 +0000

I discovered that since Java 1.5 Sun has shipped a hack that always ignores /dev/urandom as a seed source for SHA1PRNG.

Perhaps a good choice for security reasons, but if you run Tomcat in a development environment and want to test SSL, it can take Tomcat forever to start up because it is waiting on entropy from the blocking /dev/random device.

The recommended solutions online must have been written back in the Java 1.4 / Tomcat days, when you could set RANDFILE or -Djava.security.egd=file:/dev/urandom, etc. to fix it. However, "/dev/urandom" is now ignored, as described in http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6202721.

Some people use /dev/./urandom to fool Java into not overriding it with /dev/random. Others even use /dev/zero. It is annoying that Sun decided this isn't a bug and never bothered to document it anywhere, such as in the java.security file.

Options to fix:

  1. Leave it as is, so /dev/random is used (even if you set /dev/urandom), and use a third-party tool to feed sufficient entropy into the system so /dev/random doesn't block for so long
  2. Modify the jre/lib/security/java.security file so the line reads securerandom.source=file:/dev/./urandom
  3. Pass in -Djava.security.egd=file:/dev/./urandom

#1 is your best option for real security. The other options are useful for test/dev environments where you aren't using real SSL certificates and the quality of the seed doesn't matter.
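The following is an added shell example, not part of the original post, that models the behaviour described above and applies option 3 to a Tomcat instance. It assumes the JDK rule the post describes (the exact strings file:/dev/random and file:/dev/urandom both fall back to the blocking native generator, while any other path such as file:/dev/./urandom is opened as given), reads the Linux entropy pool size from /proc if available, and writes a setenv.sh into a directory you supply (the directory argument is hypothetical, normally $CATALINA_BASE/bin).

```shell
#!/bin/sh
# Added example (not from the original post): model the JVM's egd handling,
# check how starved the kernel entropy pool is, and apply option 3 for Tomcat.

# Map a configured -Djava.security.egd value to the device the JVM ends up
# reading, following the behaviour the post describes: the exact URLs
# file:/dev/random and file:/dev/urandom both select the native (blocking)
# seed generator, while anything else (e.g. file:/dev/./urandom) is used as-is.
effective_egd_source() {
    case "$1" in
        file:/dev/random|file:/dev/urandom)
            echo "/dev/random (native seeding, may block)" ;;
        file:*)
            echo "${1#file:}" ;;
        *)
            echo "invalid" ;;
    esac
}

# Report the kernel's pooled entropy (Linux only). A low number here is what
# makes /dev/random, and therefore SSL connector start-up, stall; option 1
# addresses it by feeding the pool rather than bypassing it.
entropy_avail() {
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        cat /proc/sys/kernel/random/entropy_avail
    else
        echo "unavailable"
    fi
}

# Write a Tomcat setenv.sh applying option 3. $1 is the directory to write
# into (hypothetical argument; in practice $CATALINA_BASE/bin).
write_tomcat_setenv() {
    dir="$1"
    cat > "$dir/setenv.sh" <<'EOF'
# Dev/test only: seed from the non-blocking pool so SSL connectors start promptly.
CATALINA_OPTS="$CATALINA_OPTS -Djava.security.egd=file:/dev/./urandom"
EOF
}

# Example run: show what each common setting actually resolves to.
for egd in file:/dev/urandom file:/dev/./urandom file:/dev/random; do
    echo "$egd -> $(effective_egd_source "$egd")"
done
echo "entropy_avail: $(entropy_avail)"
```

Run it as a script to see the resolution table and the current pool size; call write_tomcat_setenv with your Tomcat bin directory to install the dev-only override, and leave that file out of production deployments where option 1 is the right fix.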