[stunnel-users] TCP_NODELAY for stunnel (was: Can't connect to Yahoo POP3)

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Sat May 16 12:31:01 CEST 2009

On Fri, 2009-05-15 20:55:12 +0200, Michal Trojnara wrote:
> Gary Kuznitz wrote:
>> ; Some performance tunings
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
> IMHO it's not a good idea for non-interactive connections, e.g. pop3.

On the contrary, I think Stunnel should disable Nagle by default:

If the Nagle algorithm is enabled, the TCP layer delays sending of
small chunks of data for some ms in the expectation of other small
chunks to be fed to the socket. The small chunks are then combined and
sent in one single IP packet.

This is reasonable for connections that transport larger amounts of
data without waiting for an explicit acknowledgement from the receiver (on
the application level). For e.g. POP3, this allows the application to
feed the mail body line-by-line to the TCP socket, without sending
silly small 80-byte packets over the wire.

For interactive connections (or even during the protocol handshake of
POP3) the Nagle algorithm adds an extra delay to each round-trip. This
is why it's up to the application to decide for or against Nagle.

However, the stunnel sockets are not connected to the application.
Stunnel just forwards data from one socket to another (besides
encrypting, of course). For that, it reads as much data as available
from one socket and immediately feeds it to the other one.  Provided
the original application configured Nagle appropriately, there are no
silly small packets on the wire. Thus, the size of the data chunks
Stunnel reads and writes is suitable for the protocol already. I
don't see a reason for additional delays.

I can imagine one situation where it would be reasonable to have Nagle
enabled for Stunnel: If the tunnel end point is on the same box as the
application, and the TCP layer is clever enough to skip Nagle for
'local' connections, then Stunnel may have Nagle enabled on the socket
connected to the 'remote' host.

Disabling Nagle on sockets to localhost should always be a good idea.


P.S. @Gary: Don't worry too much about setting TCP_NODELAY or not.
            The effect of the Nagle algorithm may be measurable, but I
            don't expect you to feel a difference while fetching


Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
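
Added example, not part of the original message and not stunnel's own code: a loopback relay in Python that parses the quoted `socket = l:/r:` lines, sets the options on its two forwarding sockets and reports the resulting Nagle state. Assumptions: `l` is taken to be the accepted application-side socket and `r` the connection the relay opens, only integer option values are handled, and all function names are hypothetical.

```python
import socket

# Constructed sample: the option lines quoted in the message above.
SAMPLE_CONF = "; Some performance tunings\nsocket = l:TCP_NODELAY=1\nsocket = r:TCP_NODELAY=1\n"

def parse_socket_options(conf):
    """Return {'a': [...], 'l': [...], 'r': [...]} holding (name, value) pairs."""
    opts = {"a": [], "l": [], "r": []}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        key, _, value = line.partition("=")
        if key.strip() != "socket":
            continue
        side, _, setting = value.strip().partition(":")
        name, _, num = setting.partition("=")
        if side not in opts or not num.isdigit():
            raise ValueError(f"unsupported socket option: {line!r}")
        opts[side].append((name, int(num)))
    return opts

def apply_options(sock, settings):
    for name, value in settings:
        # TCP_* options live at the TCP level, SO_* options at the socket level.
        level = socket.IPPROTO_TCP if name.startswith("TCP_") else socket.SOL_SOCKET
        sock.setsockopt(level, getattr(socket, name), value)

def relay_once(conf, payload):
    """Forward payload client -> relay -> backend; return (data, Nagle-off state)."""
    opts = parse_socket_options(conf)
    backend = socket.create_server(("127.0.0.1", 0))
    front = socket.create_server(("127.0.0.1", 0))
    client = socket.create_connection(front.getsockname())
    local, _ = front.accept()                                  # 'l' socket
    apply_options(local, opts["l"])
    remote = socket.create_connection(backend.getsockname())   # 'r' socket
    apply_options(remote, opts["r"])
    served, _ = backend.accept()
    client.sendall(payload)
    remote.sendall(local.recv(65536))  # forward whatever is available at once
    received = served.recv(65536)
    state = {side: bool(s.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY))
             for side, s in (("l", local), ("r", remote))}
    for s in (client, local, remote, served, front, backend):
        s.close()
    return received, state

if __name__ == "__main__":
    print(relay_once(SAMPLE_CONF, b"USER test\r\n"))
```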