Expose config for secure random algorithm for SSLEngine

author: Bjørn Christian Seime <bjorncs@oath.com> 2017-09-21 13:57:11 +0200
committer: Bjørn Christian Seime <bjorncs@oath.com> 2017-09-21 14:05:22 +0200
commit: 56b8381bda253670750c93357cc43368aae50643 (patch)
tree: fd91e453b1ed987fa92f3bf715cc1ecbd80946d6 /jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
parent: add0eefcc5bc009ade396d9e993ff08a42e33a37 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 0a4cfc5680f..1c059fff2e7 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -80,3 +80,9 @@ ssl.protocol                        string   default="TLS"
 
 # Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
 ssl.clientAuth                      enum { DISABLED, WANT_AUTH, NEED_AUTH }  default=DISABLED
+
+# The SecureRandom implementation passed to SSLEngine.init()
+# Java have a default pseudo-random number generator (PRNG) for crypto operations. This default may have performance
+# issues on some platform (e.g. NativePRNG in Linux utilizes a global lock). Changing the generator to SHA1PRNG may
+# improve performance. Set value to empty string to use the default generator.
+ssl.prng                            string   default=""
author	Bjørn Christian Seime <bjorncs@oath.com>	2017-09-21 13:57:11 +0200
committer	Bjørn Christian Seime <bjorncs@oath.com>	2017-09-21 14:05:22 +0200
commit	56b8381bda253670750c93357cc43368aae50643 (patch)
tree	fd91e453b1ed987fa92f3bf715cc1ecbd80946d6 /jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
parent	add0eefcc5bc009ade396d9e993ff08a42e33a37 (diff)