SecureRandom.nextBytes hangs request threads in AEM

Issue

Threads lock up in java.security.SecureRandom.nextBytes which cause the AEM application to hang:

java.lang.Thread.State: BLOCKED (on object monitor)
at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
- waiting to lock <0x0000000744cb6070> (a java.security.SecureRandom)
at org.bouncycastle.crypto.CipherKeyGenerator.generateKey(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator.engineGenerateKey(Unknown Source)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:540)

Cause

This is a known issue [1] in Linux systems where the /dev/random runs out of "entropy" and it causes the system to block threads.

[1] https://bugs.java.com/view_bug.do?bug_id=6708214

Resolution

  1. The easiest solution is to install haveged to the Linux OS. This process makes sure that the /dev/random device is supplied with enough randomness to avoid performance issues.

    On Debian based platforms (Debian, Ubuntu):

    sudo apt-get install rng-tools
    sudo update-rc.d haveged defaults

    On Redhat platforms (RHEL, Fedora, CentOS):

    sudo yum install rng-tools
    sudo chkconfig haveged on
  2. Another solution is to use /dev/urandom instead of /dev/random. However, it has the downside of reduced security due to less randomness.

    • Edit $JAVA_HOME/jre/lib/security/java.security
    • Modify this line:
    securerandom.source=file:/dev/random

    to

    securerandom.source=file:/dev/urandom
  3. Alternative solutions can be found here.

 Adobe

Get help faster and easier

New user?

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online