[stunnel-users] stunnel 5.18 may keep high CPU usage

Michal Trojnara Michal.Trojnara at mirt.net
Sun Jun 14 18:46:48 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14.06.2015 16:47, Javier wrote:
> depending on your hardware, and what hardware we need now to run 
> stunnel in server mode...
[cut]
> For me isn't 25%CPU it is above 50% (or 100% in one thread) in a
> humble Pentium 4.

Yes, it may be a good idea to add static DH parameters into
stunnel.pem if you run stunnel on ARM, MIPS, or a 10 years old PC
platform.

> For me, too much. That is why I decided to follow your advice but, 
> anyway, this takes so much to be by default for every system where 
> stunnel runs. Some people might have stunnel running in lower
> specs hardware for a tiny server.
> 
> It is only my opinion.
[cut]
> P.S.: I waited till end before send this to the list and took, 
> finally, over 20 minutes...

I attempt to run this thread with low CPU priority wherever possible.
Some CPU utilization should not be a problem in practice.

The DH parameters are only generated when at least one of the services
runs in server mode.  I assume battery-powered machines rarely run as
servers...

I appreciate your opinions.  Do you think I should trade security for
20 minutes idle CPU time every 24 hours?
On modern machines it's closer to 2 minutes...

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJVfa/4AAoJEC78f/DUFuAUJzQP/AhR93O5TTOmxcEHXpfpnxpC
eJJ0000BYk4gmY6DowZWU4ToMIPug58wSOOy4QnD/X0dYhqzKmpcapFLgTorfill
ME6A48+VXs13Wwh3P3iH+WcmKQI8nIwb/7tQ4dm8TNcCEjF59EdV+PZVLZI21jWM
H5XCC8mhwMD8DMCypVtH4fSOlgQmfF5V1avf5TOiscFGmL66ZUs4WpmZsrN2b+76
EDH2t9a5b40gl+EKSI5V2KZUkU/YkZKOTB0TMNw8UyS+tGwaTqeQhqUzrJ1POfLm
Gk08GIVPK8bi0ogaCZQFI7mo8Ra/c/A3r7LD8hkm2ODlEKN3PL43w9ke96GOvuTi
vPeYAOSp48YHTJppFVAPx/44IRfVpyUWr4GK4+27I5Zx1rs350TkRejJgtsvRxy3
Dzahp9BpFlRG2RKIceNOiadpIm4jn3X8I4bWsUplhPw4eo79YNGRUgwqAEfUoL95
MTloEg2wi5sxDQLsRDXSLZRWmRA4ysT/cwfzn2YNGYWf2lSfH+aE82e0U0k7f3bn
Xw+h/6bmDL+kjkf2tpQlAAyiUPN1fb2FVNzgSca26DeTbm8wV8VotI3CXNGWlcmt
4WUV8FfcmuQDSZLwzvKXDsbda2V5PUchlaIM7XxMf1xBcszifpJTJotvnCDHKnc5
cBp+NYYH4x6ehAhL6OfM
=ISLr
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list