[stunnel-users] Stunnel high memory usage?
Matt Wise
matt at nextdoor.com
Thu Aug 16 16:34:17 CEST 2012
We use Stunnel 4.5.2 in our environment of Ubuntu 10.04/12.04 systems in various clouds. We're leveraging PGPool for SSL encryption of a lot of different types of traffic ... Zookeeper, Postgresql, and AMQP traffic are some examples for us. Mostly everything works great .. its fast, and very reliable. I've just noticed though that on a particular group of machines we are seeing really high memory usage on the Stunnel process that seems to grow and grow over time. I found this Stunnel process using over 350MB of ram yesterday ... and on an m1.small in Amazon, thats a big chunk!
Here's our client config file:
> cert = /etc/stunnel/localhost-pgpool.pem
> key = /etc/stunnel/localhost-pgpool.key
> CAfile = /etc/stunnel/localhost-pgpool_ca.pem
> verify = 2
> delay = no
> sslVersion = TLSv1
> client = yes
> setuid = stunnel4
> setgid = stunnel4
> pid = /var/lib/stunnel4/localhost-pgpool.stunnel4.pid
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> TIMEOUTconnect = 2
> session = 86400
> debug = 4
> [localhost-pgpool]
> accept = 127.0.0.1:5001
> failover = rr
> connect = prod-pgpool1-uswest1:6433
> connect = prod-pgpool2-uswest1:6433
My first thought was that perhaps the Session cache was too large... so I dropped it to '3600'. Now instead of 360MB, I'm seeing Stunnel sit at around 170MB. Is the session ID cache just caching thousands and thousands of new session IDs without properly re-using them? It seems like the session ID cache should never have more than: Currently_Used_Session_IDs + Session_IDs_unused_but_last_used_within_the_last_hour
Any thoughts on what might be going on?
--Matt
More information about the stunnel-users
mailing list