While making a cfhttp call to a ColdFusion server, the Apache HttpClient library tries to generate a secure random number. This operation depends on the "entropy" available on the system.

On Linux systems (mainly freshly installed ones), this operation has been observed to be quite time-consuming because the system "entropy" is apparently quite low. As a consequence, cfhttp calls will be slow.

Fortunately, for people who deploy ColdFusion 10 on Linux machines this is not a reason to worry. Just do one of the following:

1. Set this system property on your JVM – if you are using a standalone CF installation, you would set it in jvm.config.



2. In the $JAVA_HOME/jre/lib/security/java.security file, change the value of securerandom.source to file:/dev/./urandom
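To confirm which of the two settings a given JVM will actually pick up, the following added example (not code from the original post or from the ColdFusion team) parses a jvm.config and a java.security file and reports the effective source. The function names are hypothetical; it assumes the system property from step 1 is `-Djava.security.egd`, as quoted in the comments, and relies on the JVM preferring that property over securerandom.source.

```shell
#!/bin/sh
# Added example: report which entropy source a JVM is configured to use.
# Function names are hypothetical; file paths are supplied by the caller.

WANTED='file:/dev/./urandom'   # the value given in the post

# Print the -Djava.security.egd value from a jvm.config style file
# (last occurrence wins, comment lines ignored). Prints nothing if unset.
egd_from_jvm_config() {
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" |
        grep -o -e '-Djava\.security\.egd=[^[:space:]"]*' |
        tail -n 1 | sed 's/^-Djava\.security\.egd=//'
}

# Print securerandom.source from a java.security file (last uncommented line).
source_from_java_security() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# The system property overrides java.security, so it is checked first.
effective_source() {
    src=$(egd_from_jvm_config "$1")
    [ -n "$src" ] || src=$(source_from_java_security "$2")
    printf '%s\n' "$src"
}

# Classify a source value against the setting the post recommends.
classify_source() {
    case "$1" in
        "$WANTED") echo ok ;;
        '')        echo unset ;;
        file:*)    echo other-file ;;
        *)         echo missing-file-prefix ;;
    esac
}

# Usage: check_entropy_config JVM_CONFIG JAVA_SECURITY
# Prints "<verdict> <source>" and returns 0 only for the recommended value.
check_entropy_config() {
    src=$(effective_source "$1" "$2")
    verdict=$(classify_source "$src")
    printf '%s %s\n' "$verdict" "${src:--}"
    [ "$verdict" = ok ]
}

if [ "$#" -eq 2 ]; then check_entropy_config "$1" "$2"; fi
```

Run it with the two file paths as arguments, then restart the server so a changed setting takes effect before re-timing cfhttp.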


You can also refer to this post by Shilpi, from the ColdFusion team, which talks about this issue.



10 Comments to “Optimizing CFHTTP calls on Linux systems”

  1. Wil Genovese
    Would this be true for previous ColdFusion versions?
  2. Altamish Ahmad
    This is only for ColdFusion 10.
  3. Henry Ho
    What's this secure random number? How is it used?
  4. gaurav linux
    Really awesome information. I like this tutorial by you, and I think I am learning from your blog... awesome

    Regards >>

    Gaurav Garg Linux
  5. Renaud
    cfhttp is very slow under Linux.
    Even with those options set.
    4 seconds for a simple cfhttp on google.com.
    I don't understand.
  6. Patrick
    Hmm, on my dev box -Djava.security.egd=/dev/urandom was set by default, which one is correct now, with file:/ or w/o?
  7. Thankful
    Thank you! You, sir, are an absolute genius!
  8. Damien
    It would be easier for me to understand if you could explain the secure random number thingy.

    I know ColdFusion doesn't support CentOS, but any plans of providing support for CentOS when ColdFusion 11 ships?
  9. Rupesh
    @Patrick, it should be set with 'file:/' and use the exact setting that Altamish has provided.

    @Damien, SecureRandom is actually used to generate cryptographically secure random numbers. I know that the Apache HttpClient library that we use internally for cfhttp makes use of SecureRandom but I am not sure why. I will need to check the HttpClient source for it. But anyways that is not important.
    The important thing is - if you are seeing your CFHTTP to be very slow and you are on a Linux box, make sure to specify these settings to the JVM.
  10. cfmcoder
    We tried to add “-Djava.security.egd=file:/dev/./urandom” and it doesn't work.
    OS: CentOS.
