diff --git a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala index 949ef235fb..a902b96530 100644 --- a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala +++ b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala @@ -29,8 +29,6 @@ private[akka] class SSLSettings(config: Config) { val SSLProtocol = Option(getString("protocol")).filter(_.length > 0) - val SSLRandomSource = Option(getString("sha1prng-random-source")).filter(_.length > 0) - val SSLRandomNumberGenerator = Option(getString("random-number-generator")).filter(_.length > 0) // FIXME: Change messages to reflect new configuration @@ -58,17 +56,7 @@ private[akka] object NettySSLSupport { def apply(settings: SSLSettings, log: LoggingAdapter, isClient: Boolean): SslHandler = if (isClient) initializeClientSSL(settings, log) else initializeServerSSL(settings, log) - def initializeCustomSecureRandom(rngName: Option[String], sourceOfRandomness: Option[String], log: LoggingAdapter): SecureRandom = { - /** - * According to this bug report: http://bugs.sun.com/view_bug.do?bug_id=6202721 - * Using /dev/./urandom is only necessary when using SHA1PRNG on Linux - * Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")' to avoid having problems - */ - sourceOfRandomness foreach { path ⇒ - System.setProperty("java.security.egd", path) - System.setProperty("securerandom.source", path) - } - + def initializeCustomSecureRandom(rngName: Option[String], log: LoggingAdapter): SecureRandom = { val rng = rngName match { case Some(r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG" | "AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒ log.debug("SSL random number generator set to: {}", r) 
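Review bot: The new `initializeCustomSecureRandom(rngName: Option[String], log: LoggingAdapter)` is left with no doc comment once the old Scaladoc about SHA1PRNG and `/dev/./urandom` is deleted, so nothing at the definition says where seeding comes from now. Because the method no longer sets `java.security.egd` / `securerandom.source`, the entropy source is whatever the JVM was started with, and a deployment that still has `sha1prng-random-source` in its config will, as far as this diff shows, have that key ignored without any warning after the `SSLRandomSource` removal in the first hunk. I would add a one-line Scaladoc above the method, for example `/** Builds the SecureRandom named by rngName; the seed source is controlled by the JVM (-Djava.security.egd), not by Akka configuration. */`, and mention the dropped key in the migration notes. The body of the method continues past the end of this hunk, so whether a generator that depended on the old override is still selectable cannot be confirmed from here.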
@@ -94,7 +82,7 @@ private[akka] object NettySSLSupport { def constructClientContext(settings: SSLSettings, log: LoggingAdapter, trustStorePath: String, trustStorePassword: String, protocol: String): Option[SSLContext] = try { - val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, settings.SSLRandomSource, log) + val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log) val trustManagers: Array[TrustManager] = { val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm) trustManagerFactory.init({ @@ -143,7 +131,7 @@ private[akka] object NettySSLSupport { def constructServerContext(settings: SSLSettings, log: LoggingAdapter, keyStorePath: String, keyStorePassword: String, protocol: String): Option[SSLContext] = try { - val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, settings.SSLRandomSource, log) + val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log) val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm) factory.init({ val keyStore = KeyStore.getInstance(KeyStore.getDefaultType) diff --git a/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala b/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala index 72f3b83ce4..7ea21adc52 100644 --- a/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala +++ b/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala @@ -48,7 +48,6 @@ object RemotingSpec { protocol = "TLSv1" random-number-generator = "AES128CounterSecureRNG" enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA] - sha1prng-random-source = "/dev/./urandom" } akka { diff --git a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala index c157a1894e..4af6c53f6e 100644 --- a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala 
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala @@ -48,7 +48,6 @@ object Configuration { protocol = "TLSv1" random-number-generator = "%s" enabled-algorithms = [%s] - sha1prng-random-source = "/dev/./urandom" } } } @@ -65,8 +64,7 @@ object Configuration { val fullConfig = config.withFallback(AkkaSpec.testConf).withFallback(ConfigFactory.load).getConfig("akka.remote.netty.ssl.ssl") val settings = new SSLSettings(fullConfig) - val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, - settings.SSLRandomSource, NoLogging) + val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, NoLogging) rng.nextInt() // Has to work settings.SSLRandomNumberGenerator foreach { diff --git a/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala b/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala index 88179b4ab1..1e530556b6 100644 --- a/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala +++ b/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala @@ -19,7 +19,6 @@ class Ticket1978ConfigSpec extends AkkaSpec with ImplicitSender with DefaultTime protocol = "TLSv1" random-number-generator = "AES128CounterSecureRNG" enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA] - sha1prng-random-source = "/dev/./urandom" }""") "SSL Remoting" must { @@ -32,7 +31,6 @@ class Ticket1978ConfigSpec extends AkkaSpec with ImplicitSender with DefaultTime settings.SSLTrustStorePassword must be(Some("changeme")) settings.SSLProtocol must be(Some("TLSv1")) settings.SSLEnabledAlgorithms must be(Set("TLS_RSA_WITH_AES_128_CBC_SHA")) - settings.SSLRandomSource must be(Some("/dev/./urandom")) settings.SSLRandomNumberGenerator must be(Some("AES128CounterSecureRNG")) } }