[stunnel-users] Stunnel - Transfer loop executes not transferring any data.

Michel Esber michel at us.automatos.com
Mon Apr 18 21:10:31 CEST 2005

Hello All,

I am running a proprietary daemon on port 443 that accepts incoming connections. We are experiencing problems when activating stunnel on our production box.

Everytime that we run our daemon with stunnel, our CPU and memory/swap area consumption is extremely intensive. Each stunnel process consumes approximately 37Mb of RSS memory. I have browsed through my logs and here is what I found:

2005.04.18 14:35:00 LOG3[15242:1245336]: transfer() loop executes not transferring any data
2005.04.18 14:35:06 LOG3[15242:1245336]: please report the problem to Michal.Trojnara at mirt.net
2005.04.18 14:35:06 LOG3[15242:1245336]: socket open rd=yes wr=yes, ssl open rd=yes wr=yes
2005.04.18 14:35:06 LOG3[15242:1245336]: socket ready rd=no wr=no, ssl ready rd=no wr=no
2005.04.18 14:35:06 LOG3[15242:1245336]: check_SSL_pending=0, ssl_closing=0
2005.04.18 14:35:06 LOG5[15242:1245336]: Connection reset: 258 bytes sent to SSL, 153319 bytes sent to socket

Some details:

a) My configuration file:
accept   = 443
exec     = /path/to/daemon
execargs = daemon -ssl

stunnel 4.07 on i686-pc-linux-gnu PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6b [engine] 9 Jul 2001
Global options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
debug           = 5
key             = /usr/local/etc/stunnel/stunnel.pem
pid             = /usr/local/var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none
Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds


c) uname -a
Linux myserver 2.4.9-e.57enterprise #1 SMP Thu Dec 2 20:45:51 EST 2004 i686 unknown

d) gcc -v
gcc version 2.96 20000731 (Red Hat Linux 7.2 2.96-118.7.2)

e) openssl version
OpenSSL 0.9.6b [engine] 9 Jul 2001

Can anyone shred some light?

I believe I should upgrade some of my core components (gcc / openssl). I just need to make sure this is the right direction.

Thanks in advance,

Michel Esber

Automatos - www.automatos.com
US: 1 (866) 2293584
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050418/6f45b5e6/attachment.html>

More information about the stunnel-users mailing list