[stunnel-users] STunnel performance Issues

Jones Scott - sjones Scott.Jones at acxiom.com
Mon Dec 11 16:20:36 CET 2006

I am having problems will apache and stunnel being able to handle load.
I am using stunnel to encrypt my ajp traffic from apache to jboss.  This
helps me bridge our internal firewall.
But during load testing the system starts breaking down.  It takes about
1/5 the load to break down apache and stunnel, than directly against my
jboss node.
Any performance tuning recommendations would be great.
I am using stunnel straight out of the box.  I will place the
configuration file below.
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular
; Please make sure you understand them (especially the effect of chroot
; Certificate/key is needed in server mode and optional in client mode
;cert = /usr/local/stunnel/etc/stunnel/mail.pem
;key = /usr/local/stunnel/etc/stunnel/mail.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on
chroot = /usr/local/stunnel/var/lib/stunnel/
setuid = nobody
setgid = nogroup
; PID is created inside chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
CApath = certificates
; It's often easier to use CAfile
CAfile = /usr/local/stunnel/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
output = stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
accept = 8009
connect = xxxx2:8009
accept = 1433
connect = XXXX1:443
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be legally

If the reader of this message is not the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.

If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.

Thank You.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20061211/7bf8165d/attachment.html>

More information about the stunnel-users mailing list