Connection Reset using ORACLE JDBC

Applies to:

     Oracle 11.2.0.4

          on Linux  Platform

Symptoms:

example 1:

Caused by: java.sql.SQLRecoverableException: Erreur d'E/S: Connection reset

example 2:

ORACLE CONNECTION PROBLEM (Attempt number 1 of 3) MESSAGE:Cannot create PoolableConnectionFactory (Erreur d'E/S: Connection reset)]

example 3:

return jpype.java.sql.DriverManager.getConnection(*driver_args)

jpype._jexception.SQLRecoverableExceptionPyRaisable: java.sql.SQLRecoverableException: Erreur d'E/S: Connection reset

 

Cause:

java.security.SecureRandom (#5 ) is a standard API provided by sun. Among various methods offered by this class void nextBytes(byte[]) is one. This method is used for generating random bytes. Oracle 11g JDBC drivers use this API to generate random number during login. Users using Linux have been encountering SQLException("Io exception: Connection reset").

The problem is two fold

1. The JVM tries to list all the files in the /tmp (or alternate tmp directory set by -Djava.io.tmpdir) when SecureRandom.nextBytes(byte[]) is invoked. If the number of files is large the method takes a long time to respond and hence cause the server to timeout
2. The method void nextBytes(byte[]) uses /dev/random on Linux and on some machines which lack the random number generating hardware the operation slows down to the extent of bringing the whole login process to a halt. Ultimately the the user encounters SQLException("Io exception: Connection reset")

Users upgrading to 11g can encounter this issue if the underlying OS is Linux which is running on a faulty hardware.

The cause of this has not yet been determined exactly. It could either be a problem in your hardware or the fact that for some reason the software cannot read from dev/random    

Solution:

Change the setup for your application, so you add the next parameter to the java command:

-Djava.security.egd=file:/dev/./urandom

Or edit $JAVA_HOME/jre/lib/security/java.security and add the line : securerandom.source=file:/dev/./urandom

Why not securerandom.source=file/dev/urandom (#4)

Note the "/./" characters in the value. They are needed to work around known Oracle JRE bug #6202721.

See also JDK Enhancement Proposal 123. It is known that implementation of SecureRandom was improved in Java 8 onwards.

Sources:

https://community.oracle.com/thread/943911

http://www.usn-it.de/index.php/2009/02/20/oracle-11g-jdbc-driver-hangs-blocked-by-devrandom-entropy-pool-empty/

https://kb.sos-berlin.com/display/PKB/ORACLE+IO+exception+-+Connection+reset+or+Timeout+reached+-+30s+-+for+process

#4 https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html

#5 https://stackoverflow.com/questions/2327220/oracle-jdbc-intermittent-connection-issue