I am running into an issue where Java is slow when used over SSL. The solution is to add
-Djava.security.egd=file:/dev/./urandom
to java at the command line. Since I have multiple JVMs, I don't want to modify every single JVM to contain this string and hence would like to add it to the file
$JAVA_HOME/jre/lib/security/java.security
Now, the java.security file already contains
securerandom.source=file:/dev/urandom
Two questions on this:
This is actually a hack introduced into the JVM back in 1.3 or 1.4 days.
The basic issue is that in the native JVM code they hardcoded /dev/urandom to actually use /dev/random to attempt to ensure sufficient entropy. Since /dev/urandom is supposed to be guaranteed not to block, this has the unintended consequence of blocking if not enough entropy is available.
The hardcoding looks specifically for the string /dev/urandom, so providing something that resolves to the same thing but doesn't match that causes the desired behavior. If you code /dev/./urandom you bypass the hardcoded aliasing and get to the intended urandom entropy source.
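To confirm which seed source a given JVM actually resolves after editing java.security or passing the flag, the following check can be run on each JVM. It is an added example, not code from the question or the answer; the class name EntropySourceCheck and the 32-byte seed size are made up for illustration, and the precedence of the system property over the file setting is assumed to be that of the default Sun provider.

```java
import java.security.SecureRandom;
import java.security.Security;

// Hypothetical helper (not from the original post): reports the configured
// seed source and times a seed request so a blocking source becomes visible.
public class EntropySourceCheck {

    // The literal string the answer above says is special-cased by the JVM.
    static final String ALIASED_VALUE = "file:/dev/urandom";

    // -Djava.security.egd, when set and non-empty, is used in preference to
    // securerandom.source from the java.security file (Sun provider behaviour).
    static String effectiveSource() {
        String egd = System.getProperty("java.security.egd");
        if (egd != null && !egd.isEmpty()) {
            return egd;
        }
        return Security.getProperty("securerandom.source");
    }

    // True when the value is exactly the string the hardcoded check matches.
    static boolean matchesAliasedString(String source) {
        return ALIASED_VALUE.equals(source);
    }

    public static void main(String[] args) {
        String fromFile = Security.getProperty("securerandom.source");
        String fromFlag = System.getProperty("java.security.egd");
        String effective = effectiveSource();

        System.out.println("java.home               = " + System.getProperty("java.home"));
        System.out.println("securerandom.source     = " + fromFile);
        System.out.println("java.security.egd       = " + fromFlag);
        System.out.println("effective seed source   = " + effective);
        System.out.println("matches aliased string  = " + matchesAliasedString(effective));

        SecureRandom sr = new SecureRandom();
        System.out.println("default algorithm       = " + sr.getAlgorithm()
                + " (" + sr.getProvider().getName() + ")");

        // generateSeed() reads from the seed source; a long delay here is the
        // same stall that shows up as slow SSL start-up.
        long start = System.nanoTime();
        byte[] seed = sr.generateSeed(32);
        long elapsedMs = (System.nanoTime() - start) / 1_000_000;
        System.out.println("generateSeed(" + seed.length + ") took  = " + elapsedMs + " ms");
    }
}
```

Running it once with the unmodified configuration and once with the changed java.security file or the -Djava.security.egd flag shows whether the change took effect for that JVM and whether the seed request still stalls.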