[stunnel-users] Problem in Stunnel with too many connections

Michal Trojnara Michal.Trojnara at mobi-com.net
Wed Nov 29 21:16:06 CET 2006

On Wednesday 29 November 2006 16:56, ~ Kunal Sharma ~ wrote:
> I downloaded Stunnel from stunnel.org and had no idea I have a new version
> at *the home site*.

I see.  This page should put some light on it:

Brian Hatch, the author of www.stunnel.org web page did a great
job building the page, writing documentation, patches, etc.
Unfortunately he is quite busy nowadays, so the page is becoming
obsolete and misleading.

> But with the same version, I made the change suggested by you
> (TIMEOUTidle  = 30) and Stunnel has now being working for
> more than 18 hrs on the trot now !!!
> Can you please explain to me (only if you have time) what magic
> this did ? 

By default stunnel tries to keep idle (not transferring any traffic) 
connections up for 43200 seconds (12 hours).  It's generally a good idea 
(imagine a telnet or an irc session).  The drawback is that when a client has 
disconnected without shutting down or resetting TCP session (like it was 
turned off with the power switch or the the network cable was pulled off) 
stunnel server uses server resources (like a cpu thread, memory or tcp 
sockets) for the next 12 hours. That's not good on a heavy loaded server.  
Reducing the idle timeout from 43200 to 30 seconds eliminates this problem.

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20061129/72083763/attachment.sig>

More information about the stunnel-users mailing list