[stunnel-users] Stunnel high memory usage?

Matt Wise matt at nextdoor.com
Thu Aug 16 16:34:17 CEST 2012

We use Stunnel 4.5.2 in our environment of Ubuntu 10.04/12.04 systems in various clouds. We're leveraging PGPool for SSL encryption of a lot of different types of traffic ... ZooKeeper, PostgreSQL, and AMQP traffic are some examples for us. Mostly everything works great ... it's fast, and very reliable. I've just noticed, though, that on a particular group of machines we are seeing really high memory usage on the Stunnel process that seems to grow and grow over time. I found this Stunnel process using over 350MB of RAM yesterday ... and on an m1.small in Amazon, that's a big chunk!

Here's our client config file:

> cert = /etc/stunnel/localhost-pgpool.pem
> key = /etc/stunnel/localhost-pgpool.key
> CAfile = /etc/stunnel/localhost-pgpool_ca.pem
> verify = 2
> delay = no
> sslVersion = TLSv1
> client = yes
> setuid = stunnel4
> setgid = stunnel4
> pid = /var/lib/stunnel4/localhost-pgpool.stunnel4.pid
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> TIMEOUTconnect = 2
> session = 86400
> debug = 4
> [localhost-pgpool]
> accept  =
> failover = rr
> connect = prod-pgpool1-uswest1:6433
> connect = prod-pgpool2-uswest1:6433

My first thought was that perhaps the session cache was too large ... so I dropped it to '3600'. Now instead of 360MB, I'm seeing Stunnel sit at around 170MB. Is the session ID cache just caching thousands and thousands of new session IDs without properly re-using them? It seems like the session ID cache should never have more than: Currently_Used_Session_IDs + Session_IDs_unused_but_last_used_within_the_last_hour

Any thoughts on what might be going on?

