[stunnel-users] problem with buffering data on stunnel
wujot at home.pl
Fri Jul 10 20:17:24 CEST 2015
Thank you for your answer.
I've made many tests using those parameters you've suggested. It is very
good solution for decreasing buffer in Stunnel, but in my case it is not
enough. Encrypted session on path beetwen slow client in GPRS network and
Stunnel server is using TCPWindowSize on the level 5KB or less. But
unencrypted session on path between Stunnel server and hi-speed end server
(both in LAN) is using TcpWindowSize on level 64KB - 131KB (in Windows 2008
or newer it is calculated automatically). So I steel have at least 64KB
buffer in stunnel.
Is there any possibility to force stunnel to use on faster part of
connection (LAN side) the value of TcpWindowSize similar to calculated on
slower part (on WAN side)?
Dnia 2015-07-09 12:18 Michal Trojnara napisał(a):
-----BEGIN PGP SIGNED MESSAGE-----
My guess would be:
socket = l:SO_RCVBUF=2048
socket = r:SO_SNDBUF=2048
On 09.07.2015 11:53, wujot wrote:
I have a problem with transmission from LAN server, which use
another server on LAN with running stunnel, to pass encrypted data
to remote SSL clients if they are on very slow GPRS network. If
server in LAN starts to transfer big amount of data to such slow
remote client, stunnel is buffering data and slowly transmits them
to the GPRS client. TCP Window on connection from LAN server to
stunnel is big (64 - 131kB), and TCP Window on connection from
stunnel to slow client is small (about 5kB). And additionally
stunnel is buffering data. So, server is finishing transmission in
seconds, but in fact most of data are still in buffers of stunnel.
And it makes a timeout problem (server is waiting for the
confirmation from client if it received all data, but time between
last byte sent from server and confirmation from client could be
even several minutes).
So, stunnel is working in "store and forward" model. Is it possible
to switch it to something like "cut through"? Or how to force
stunnel to more synchronized transmission between client and
mailing list stunnel-users at stunnel.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVnkpAAAoJEC78f/DUFuAU7YsP/1Ih 4CpKK0g uAZ hJxBrXl
6lh p 8QHSA/cHpMmpqh xyTR/pEfLnYOyg NmYzd468QMXuZ1SV1davrw5gQF9i
-----END PGP SIGNATURE-----
stunnel-users mailing list
stunnel-users at stunnel.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users