[stunnel-users] Stunnel hangs on big flows of data

Dario Mariani dario.mariani at sun-cs-italy.com
Thu Oct 26 17:54:29 CEST 2006


Hi...
I'm deploying stunnel on some servers.
I did some tests, and I never had problems.
For example, I tried 5k parallel connections, and I didn't have any problem.

But I have problems when a small number of connections wants to transfer big chunks of information; the connection hangs.

This is a snippet of logs:

Server side:
2006.10.20 16:00:58 LOG7[20302:1]: oracle11521 accepted FD=226 from 192.168.22.10:39721
2006.10.20 16:00:58 LOG7[20302:200]: oracle11521 started
2006.10.20 16:00:58 LOG7[20302:200]: FD 226 in non-blocking mode
2006.10.20 16:00:58 LOG7[20302:200]: TCP_NODELAY option set on local socket
2006.10.20 16:00:58 LOG5[20302:200]: oracle11521 connected from 192.168.22.10:39721
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): before/accept initialization
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 read client hello A
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 write server hello A
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 write change cipher spec A
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 write finished A
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 flush data
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 read finished A
2006.10.20 16:00:58 LOG7[20302:200]:    3 items in the session cache
2006.10.20 16:00:58 LOG7[20302:200]:    0 client connects (SSL_connect())
2006.10.20 16:00:58 LOG7[20302:200]:    0 client connects that finished
2006.10.20 16:00:58 LOG7[20302:200]:    0 client renegotiations requested
2006.10.20 16:00:58 LOG7[20302:200]:  199 server connects (SSL_accept())
2006.10.20 16:00:58 LOG7[20302:200]:  194 server connects that finished
2006.10.20 16:00:58 LOG7[20302:200]:    0 server renegotiations requested
2006.10.20 16:00:58 LOG7[20302:200]:  173 session cache hits
2006.10.20 16:00:58 LOG7[20302:200]:    0 session cache misses
2006.10.20 16:00:58 LOG7[20302:200]:   18 session cache timeouts
2006.10.20 16:00:58 LOG6[20302:200]: SSL accepted: previous session reused
2006.10.20 16:00:58 LOG7[20302:200]: FD 227 in non-blocking mode
2006.10.20 16:00:58 LOG7[20302:200]: oracle11521 connecting 192.168.22.13:1521
2006.10.20 16:00:58 LOG7[20302:200]: connect_wait: waiting 10 seconds
2006.10.20 16:00:58 LOG7[20302:200]: connect_wait: connected
2006.10.20 16:00:58 LOG7[20302:200]: Remote FD=227 initialized
2006.10.20 16:00:58 LOG7[20302:200]: TCP_NODELAY option set on remote socket
2006.10.20 16:00:58 LOG7[20302:75]: SSL_read returned WANT_READ: retrying
2006.10.20 16:00:58 LOG7[20302:75]: SSL_read returned WANT_READ: retrying
2006.10.20 16:00:58 LOG7[20302:75]: SSL_read returned WANT_READ: retrying

Client side:
2006.10.20 16:16:01 LOG6[12415:91]: SSL connected: new session negotiated
2006.10.20 16:16:01 LOG6[12415:91]: Negotiated ciphers: DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
2006.10.20 16:16:01 LOG7[12415:91]: Socket closed on read
2006.10.20 16:16:01 LOG7[12415:91]: SSL write shutdown
2006.10.20 16:16:01 LOG7[12415:91]: SSL alert (write): warning: close notify
2006.10.20 16:16:01 LOG7[12415:91]: SSL_shutdown retrying
2006.10.20 16:16:01 LOG7[12415:91]: SSL doesn't need to read or write
2006.10.20 16:16:01 LOG7[12415:91]: SSL alert (read): warning: close notify
2006.10.20 16:16:01 LOG7[12415:91]: SSL closed on SSL_read
2006.10.20 16:16:01 LOG7[12415:91]: Socket write shutdown
2006.10.20 16:16:01 LOG5[12415:91]: Connection closed: 3663 bytes sent to SSL, 5239 bytes sent to socket
2006.10.20 16:16:01 LOG7[12415:91]: oracle11521 finished (3 left)

The timings are shifted; I don't know if the time delta is due to a clock misconfiguration on the machines, or whether the snippets were taken from different events... I don't have direct access to the machines.

I tried to make a test (client and server on the same machine):

client:
nc localhost 10001 >>/dev/null
stunnel accept on 10001 and connect to localhost:11521

on the server side:
stunnel accept on 11521 and connect on 1521
cat 230megsfile | nc -l -p 1521 & 2>&1 >>/dev/null

So, when the nc on the client side connects, the server starts the cat.

It did complete correctly within a couple of minutes on an iBook 64 1.33 with 1g RAM, but with LOADS of want_read and want_write errors on both sides of stunnel.

The server and client are running on "big iron", I mean some Superdome hardware with 30-40 CPUs on both sides, and with an estimated traffic of 10gig/day.

And, important... the version of the stunnel instances is 4.15.

Can you help me?

Bye, Dario.
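When diagnosing a hang like the one reported above, the useful first step is to turn the debug log into a per-connection picture: how many times each stunnel connection logged a WANT_READ/WANT_WRITE retry, how long it kept doing so, and whether it ever reached "Connection closed". The following script is an added example, not part of the post and not stunnel's own tooling; it parses the `LOGn[pid:conn]:` line format shown in the post and the sample log embedded in it is constructed for the example (the timestamps, connection ids and byte counts are invented, modelled on the post's lines). The retry threshold and the decision to treat an unclosed connection with many retries as "stalled" are the example's own heuristics.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Matches the stunnel 4.x debug prefix seen in the post, e.g.
# "2006.10.20 16:00:58 LOG7[20302:75]: SSL_read returned WANT_READ: retrying"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<conn>\d+)\]: (?P<msg>.*)$"
)
RETRY_RE = re.compile(r"SSL_(?:read|write) returned WANT_(?:READ|WRITE): retrying")
CLOSED_RE = re.compile(
    r"Connection closed: (?P<to_ssl>\d+) bytes sent to SSL, "
    r"(?P<to_sock>\d+) bytes sent to socket"
)
TS_FMT = "%Y.%m.%d %H:%M:%S"


@dataclass
class ConnStats:
    first_seen: datetime
    last_seen: datetime
    retries: int = 0          # WANT_READ / WANT_WRITE retries logged
    closed: bool = False      # saw a "Connection closed" line
    bytes_to_ssl: int = 0
    bytes_to_socket: int = 0


def parse_stunnel_log(lines):
    """Return {(pid, conn_id): ConnStats} built from stunnel debug-level log lines.

    Lines that do not carry the LOGn[pid:conn] prefix (section headers,
    mail-wrapped fragments) are skipped rather than treated as errors.
    """
    stats = {}
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        key = (int(m["pid"]), int(m["conn"]))
        s = stats.get(key)
        if s is None:
            s = stats[key] = ConnStats(first_seen=ts, last_seen=ts)
        s.last_seen = max(s.last_seen, ts)
        msg = m["msg"]
        if RETRY_RE.search(msg):
            s.retries += 1
        c = CLOSED_RE.search(msg)
        if c:
            s.closed = True
            s.bytes_to_ssl = int(c["to_ssl"])
            s.bytes_to_socket = int(c["to_sock"])
    return stats


def stalled_connections(stats, max_retries=100):
    """Connections that never logged 'Connection closed' and retried at least
    max_retries times. Returns [((pid, conn), retries, seconds_spanned), ...]
    sorted by (pid, conn); seconds_spanned is the gap between the connection's
    first and last log line, i.e. how long it has been visibly spinning."""
    out = []
    for key, s in sorted(stats.items()):
        if not s.closed and s.retries >= max_retries:
            span = int((s.last_seen - s.first_seen).total_seconds())
            out.append((key, s.retries, span))
    return out


# Constructed sample in the post's format: connection 200 completes, while
# connection 75 only ever logs retries and never closes.
SAMPLE_LOG = """\
Server side:
2006.10.20 16:00:58 LOG7[20302:200]: oracle11521 started
2006.10.20 16:00:58 LOG7[20302:200]: SSL state (accept): SSLv3 read client hello A
2006.10.20 16:00:58 LOG6[20302:200]: SSL accepted: previous session reused
2006.10.20 16:00:59 LOG7[20302:75]: SSL_read returned WANT_READ: retrying
2006.10.20 16:00:59 LOG7[20302:75]: SSL_read returned WANT_READ: retrying
2006.10.20 16:01:00 LOG7[20302:75]: SSL_write returned WANT_WRITE: retrying
2006.10.20 16:01:00 LOG7[20302:75]: SSL_read returned WANT_READ: retrying
2006.10.20 16:01:05 LOG7[20302:75]: SSL_read returned WANT_READ: retrying
2006.10.20 16:01:05 LOG5[20302:200]: Connection closed: 3663 bytes sent to SSL, 5239 bytes sent to socket
2006.10.20 16:01:05 LOG7[20302:200]: oracle11521 finished (3 left)
"""

if __name__ == "__main__":
    stats = parse_stunnel_log(SAMPLE_LOG.splitlines())
    for key, s in sorted(stats.items()):
        print(f"pid={key[0]} conn={key[1]} retries={s.retries} closed={s.closed} "
              f"to_ssl={s.bytes_to_ssl} to_socket={s.bytes_to_socket}")
    for key, retries, span in stalled_connections(stats, max_retries=3):
        print(f"STALLED pid={key[0]} conn={key[1]}: {retries} retries over {span}s, never closed")
```

Run against a real debug-level stunnel log (`debug = 7`) with `parse_stunnel_log(open(path))`, and raise `max_retries` to something appropriate for the transfer size; on a healthy large transfer WANT_READ/WANT_WRITE retries are normal non-blocking-socket behaviour, so what matters is a connection whose retries keep growing while its byte counters and "Connection closed" line never arrive.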



More information about the stunnel-users mailing list