SecureRandom.nextBytes hangs request threads in AEM

Issue

Threads lock up in java.security.SecureRandom.nextBytes which cause the AEM application to hang:

java.lang.Thread.State: BLOCKED (on object monitor)
at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
- waiting to lock <0x0000000744cb6070> (a java.security.SecureRandom)
at org.bouncycastle.crypto.CipherKeyGenerator.generateKey(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator.engineGenerateKey(Unknown Source)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:540)

Cause

This is a known issue [1] in Linux systems where the /dev/random runs out of "entropy" and it causes the system to block threads.

[1] https://bugs.java.com/view_bug.do?bug_id=6708214

Resolution

  1. The easiest solution is to install haveged to the Linux OS. This process makes sure that the /dev/random device is supplied with enough randomness to avoid performance issues.

    On Debian based platforms (Debian, Ubuntu):

    sudo apt-get install rng-tools
    sudo update-rc.d haveged defaults

    On Redhat platforms (RHEL, Fedora, CentOS):

    sudo yum install rng-tools
    sudo chkconfig haveged on
  2. Another solution is to use /dev/urandom instead of /dev/random. However, it has the downside of reduced security due to less randomness.

    • Edit $JAVA_HOME/jre/lib/security/java.security
    • Modify this line:
    securerandom.source=file:/dev/random

    to

    securerandom.source=file:/dev/urandom
  3. Alternative solutions can be found here.

 Adobe

Daha hızlı ve daha kolay yardım alın

Yeni kullanıcı mısınız?

Adobe MAX 2024

Adobe MAX
Yaratıcılık Konferansı

14–16 Ekim Miami Beach ve çevrimiçi

Adobe MAX

Yaratıcılık Konferansı

14–16 Ekim Miami Beach ve çevrimiçi

Adobe MAX 2024

Adobe MAX
Yaratıcılık Konferansı

14–16 Ekim Miami Beach ve çevrimiçi

Adobe MAX

Yaratıcılık Konferansı

14–16 Ekim Miami Beach ve çevrimiçi