CFHTTP: first request fast, following slow

Question

I'm having a lot of trouble with CF10's CFHTTP at the moment.

First, my test script:

<CFSET results = arraynew(1) />
<CFLOOP from="1" to="10" index="idx">
    <CFSET timer_start = getTickCount() />
    <CFHTTP url="https://www.google.de" method="get" result="test" />
    <CFSET arrayappend(results, (getTickCount()-timer_start)/1000 & " s") />
</CFLOOP>
<CFDUMP var="#results#" />

10 CFHTTP calls in a row, the time they take gets pushed to an array; that's all.

Results of our CF9 server:

Results of our CF10 server:

Results of our CF10 server with 5 sec delay between CFHTTP calls:

I already read on the forum and Shilpi's Blog that the reason could be that the Linux server runs out of entropy. I checked that with watch --interval=0.1 cat ... while my test script ran but it never dropped far under 4k (with rngd already installed).

Does anybody has another idea what I could try to fix this problem? Using /dev/urandom seems to be an insecure hack to me; so that's not an option (since CF10 server is production machine).

Thanks guys!

Answer 1

While making a cfhttp call to a coldfusion server the apache httpclient library tries to generate a secure random number. It is an operation which depends on the "entropy" of the system.

In case of linux systems (mainly the ones which are freshly installed) it is observed that this operation can be quite time consuming because the system "entropy" is apparently quite low. Hence, as a consequence cfhttp calls will be slow.

Source: http://blogs.coldfusion.com/post.cfm/optimizing-cfhttp-calls-on-linux-systems

Solution: Add “-Djava.security.egd=file:/dev/./urandom” to your jvm-setting.

In the Adobe Forums, you find another thread with your problem and the same solution and a following link with further informations about the random number generator: http://forums.adobe.com/thread/1063806

There is no need for not using /dev/urandom as it is a secure solution: https://security.stackexchange.com/a/3939