SecureRandom.nextBytes hangs request threads in AEM

Issue

Threads lock up in java.security.SecureRandom.nextBytes which cause the AEM application to hang:

java.lang.Thread.State: BLOCKED (on object monitor)
at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
- waiting to lock <0x0000000744cb6070> (a java.security.SecureRandom)
at org.bouncycastle.crypto.CipherKeyGenerator.generateKey(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator.engineGenerateKey(Unknown Source)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:540)

Cause

This is a known issue [1] in Linux systems where the /dev/random runs out of "entropy" and it causes the system to block threads.

[1] https://bugs.java.com/view_bug.do?bug_id=6708214

Resolution

  1. The easiest solution is to install haveged to the Linux OS. This process makes sure that the /dev/random device is supplied with enough randomness to avoid performance issues.

    On Debian based platforms (Debian, Ubuntu):

    sudo apt-get install rng-tools
    sudo update-rc.d haveged defaults

    On Redhat platforms (RHEL, Fedora, CentOS):

    sudo yum install rng-tools
    sudo chkconfig haveged on
  2. Another solution is to use /dev/urandom instead of /dev/random. However, it has the downside of reduced security due to less randomness.

    • Edit $JAVA_HOME/jre/lib/security/java.security
    • Modify this line:
    securerandom.source=file:/dev/random

    to

    securerandom.source=file:/dev/urandom
  3. Alternative solutions can be found here.

 Adobe

Pyydä apua nopeammin ja helpommin

Oletko uusi käyttäjä?

Adobe MAX 2024

Adobe MAX
Luovuuskonferenssi

14.–16.10. Miami Beach ja verkossa

Adobe MAX

Luovuuskonferenssi

14.–16.10. Miami Beach ja verkossa

Adobe MAX 2024

Adobe MAX
Luovuuskonferenssi

14.–16.10. Miami Beach ja verkossa

Adobe MAX

Luovuuskonferenssi

14.–16.10. Miami Beach ja verkossa