Issue

Threads lock up in java.security.SecureRandom.nextBytes which cause the AEM application to hang:

java.lang.Thread.State: BLOCKED (on object monitor)
at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
- waiting to lock <0x0000000744cb6070> (a java.security.SecureRandom)
at org.bouncycastle.crypto.CipherKeyGenerator.generateKey(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator.engineGenerateKey(Unknown Source)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:540)

Cause

This is a known issue [1] in Linux systems where the /dev/random runs out of "entropy" and it causes the system to block threads.

[1] https://bugs.java.com/view_bug.do?bug_id=6708214

Resolution

  1. The easiest solution is to install haveged to the Linux OS. This process makes sure that the /dev/random device is supplied with enough randomness to avoid performance issues.

    On Debian based platforms (Debian, Ubuntu):

    sudo apt-get install rng-tools
    sudo update-rc.d haveged defaults

    On Redhat platforms (RHEL, Fedora, CentOS):

    sudo yum install rng-tools
    sudo chkconfig haveged on
  2. Another solution is to use /dev/urandom instead of /dev/random. However, it has the downside of reduced security due to less randomness.

    • Edit $JAVA_HOME/jre/lib/security/java.security
    • Modify this line:
    securerandom.source=file:/dev/random

    to

    securerandom.source=file:/dev/urandom
  3. Alternative solutions can be found here.

Esta obra está autorizada con arreglo a la licencia de Reconocimiento-NoComercial-CompartirIgual 3.0 Unported de Creative Commons.  Los términos de Creative Commons no cubren las publicaciones en Twitter™ y Facebook.

Avisos legales   |   Política de privacidad en línea