<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>We are having some difficulties when using Stunnel under
load. <o:p></o:p></p>
<p class=MsoNormal>The maximum sessions running on a Windows servers seems to
be set at 935 concurrent connections. <o:p></o:p></p>
<p class=MsoNormal>Our system uses Stunnel to route incoming SSL traffic on
port 443 through Openssl to a Java application on port 26789. Both Stunnel and
the Java server run on a Windows 2003 server, with between 4GB and 8GB of ram,
both running Dual Intel Zeon 2Ghz processors. The problem is that when the
Stunnel server is under load, the maximum connections that we can achieve is
935 concurrent connections (Windows threads between 936 and 938), before
Stunnel throws errors and starts closing the connections. <br>
Here is some additional information about our system: <o:p></o:p></p>
<p class=MsoNormal>Stunnel version 4.21 (latest Windows binaries)<o:p></o:p></p>
<p class=MsoNormal>OpenSSL 0.9.8g<o:p></o:p></p>
<p class=MsoNormal>Stunnel Config: <o:p></o:p></p>
<p class=MsoNormal>-----------------------------------------------------------------------<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>debug = 7<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>output = stunnel.log<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'># Use it for client mode<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>#client = yes<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>#TIMEOUTidle = 60<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>socket = a:TCP_NODELAY=1<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>socket = a:SO_LINGER=a:0<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>socket = r:TCP_NODELAY=1<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>socket = r:SO_LINGER=r:0<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>socket = l:TCP_NODELAY=1<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>socket = l:SO_LINGER=l:0<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'># Service-level configuration<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'>[JAVASERVER]<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>#session = 5000<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>accept = 443<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'>connect = localhost: 26789<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'># delay = yes<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'>#transparent = yes<o:p></o:p></p>
<p class=MsoNormal>-----------------------------------------------------------------------<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>We have tried various options, such as the TIMEOUTidle and
session parameters for Stunnel, but with no luck. We have even tried running
Stunnel separately on a Linux distro (FC4), with even less positive results. <o:p></o:p></p>
<p class=MsoNormal>The pertinent errors in the log files are as follows: <br>
Connection closed: 178664 bytes sent to SSL, 44646 bytes sent to socket<o:p></o:p></p>
<p class=MsoNormal>SSL alert (write): warning: close notify<br>
_beginthread: Exec format error (8)<o:p></o:p></p>
<p class=MsoNormal>Connection rejected: create_client failed<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I can mail full logs of our load tests as well.<o:p></o:p></p>
<p class=MsoNormal>Our server will be expected to handle upwards of 10000
connections at a time, we’ve been researching for about a week now how to
get the performance we need, but so far nothing. <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Iain<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>