<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1491" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Verdana size=2>Hello All,</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>I am running a proprietary daemon on port 443
that accepts incoming connections. We are experiencing problems when activating
stunnel on our production box.</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>Every time that we run our daemon with stunnel,
our CPU and memory/swap area consumption is extremely intensive. Each
stunnel process consumes approximately 37Mb of RSS memory. I have browsed
through my logs and here is what I found:</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>2005.04.18 14:35:00 LOG3[15242:1245336]: transfer() loop executes not transferring any data<BR>
2005.04.18 14:35:06 LOG3[15242:1245336]: please report the problem to <A href="mailto:Michal.Trojnara@mirt.net">Michal.Trojnara@mirt.net</A><BR>
2005.04.18 14:35:06 LOG3[15242:1245336]: socket open rd=yes wr=yes, ssl open rd=yes wr=yes<BR>
2005.04.18 14:35:06 LOG3[15242:1245336]: socket ready rd=no wr=no, ssl ready rd=no wr=no<BR>
2005.04.18 14:35:06 LOG3[15242:1245336]: check_SSL_pending=0, ssl_closing=0<BR>
2005.04.18 14:35:06 LOG5[15242:1245336]: Connection reset: 258 bytes sent to SSL, 153319 bytes sent to socket</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>Some details:</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>a) My configuration file:</FONT></DIV>
<DIV><FONT face=Verdana size=2>[https]<BR>
accept = 443<BR>
exec = /path/to/daemon<BR>
execargs = daemon -ssl<BR></FONT><FONT face=Verdana size=2></FONT></DIV>
<DIV><FONT face=Verdana size=2>stunnel 4.07 on i686-pc-linux-gnu PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6b [engine] 9 Jul 2001<BR>
 <BR>
Global options<BR>
cert = /usr/local/etc/stunnel/stunnel.pem<BR>
ciphers = ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH<BR>
debug = 5<BR>
key = /usr/local/etc/stunnel/stunnel.pem<BR>
pid = /usr/local/var/run/stunnel.pid<BR>
RNDbytes = 64<BR>
RNDfile = /dev/urandom<BR>
RNDoverwrite = yes<BR>
session = 300 seconds<BR>
verify = none<BR>
 <BR>
Service-level options<BR>
TIMEOUTbusy = 300 seconds<BR>
TIMEOUTclose = 60 seconds<BR>
TIMEOUTconnect = 10 seconds<BR>
TIMEOUTidle = 43200 seconds<BR></FONT></DIV>
<DIV><FONT face=Verdana size=2>b) </FONT></DIV>
<DIV><FONT face=Verdana size=2>glibc-2.2.4-31.7<BR>
glibc-devel-2.2.4-32.8<BR>
libcap-1.10-6<BR>
glibc-common-2.2.4-31.7<BR></FONT></DIV>
<DIV><FONT face=Verdana size=2>c) </FONT><FONT face=Verdana size=2>uname
-a<BR>Linux myserver 2.4.9-e.57enterprise #1 SMP Thu Dec 2 20:45:51 EST
2004 i686 unknown</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>d) gcc -v</FONT><FONT face=Verdana size=2><BR>gcc
version 2.96 20000731 (Red Hat Linux 7.2 2.96-118.7.2)</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>e) openssl version<BR>OpenSSL 0.9.6b [engine] 9
Jul 2001<BR></FONT></DIV>
<DIV><FONT face=Verdana size=2>Can anyone shed some light?</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>I believe I should upgrade some of my core
components (gcc / openssl). I just need to make sure this is the right
direction.</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>Thanks in advance,</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT><FONT face=Verdana
size=2><BR>X-------------------<BR>Michel Esber<BR>MCSE, MCSA, MCDBA</DIV>
<DIV> </DIV>
<DIV>Automatos - <A href="http://www.automatos.com">www.automatos.com</A><BR>US:
1 (866) 2293584</FONT></DIV></BODY></HTML>