[stunnel-users] stunnel 5.18 may keep high CPU usage

Dod dodfr at yahoo.com
Mon Jun 15 00:04:02 CEST 2015


Hello Michal,

I think I found something about the permanent CPU usage; it may not be
directly related to DH calculation.

Now that I have activated the debug=info level, I have a better view of
what is happening.

As shown in my previous mail with the log sample, the last stunnel
startup showed DH calculation in a matter of minutes; all was OK and
CPU slowed down as it should at the end of calculation.

But right now, a few hours later, the CPU is stuck again with this 25%
usage.

I checked the logs and saw nothing related to DH or [CRON], so it is
not because DH calculation may have restarted sooner than the 24H
expected cycle.

The only thing I did is to travel with my laptop in my bag, so the
computer went into standby mode and then woke up 2 hours later, and
right now, one hour after this wake-up, CPU is still at 25%.

Going from standby to awake mode produced some winsock errors in the
logs (nothing unusual, all related to the loss of my WiFi while it
connected again) like:

Software caused connection abort (WSAECONNABORTED) (10053)
Network is unreachable (WSAENETUNREACH) (10051)

I think that CPU usage may go crazy if some kind of session failure
happens, but I may be wrong.

Did something change between 5.17 and 5.18 related to error/session
management?

Regards.

Sunday, June 14, 2015, 9:13:09 PM, you wrote:

J> On 14/06/15, you wrote in gmane.network.stunnel.user:


>> I appreciate your opinions.  Do you think I should trade security
>> for 20 minutes idle CPU time every 24 hours?
>> On modern machines it's closer to 2 minutes...
>> Mike

J> Hi,

J> No, of course not. I understood that you did this for security
J> reasons. Better to randomize DH params every X time than fixed, but
J> maybe it should be considered.

J> A user option maybe, to set fixed or random, but random by default?
J> Just an idea.

J> Note that I'm not requesting this for me, just saying that there
J> could be low-spec environments running tiny servers. If it is going
J> to be the default, good to know anyway.

J> I would be lying if I didn't say that I run the server(s) for small
J> periods of time and having stunnel running 20 minutes calculating the
J> DH is [something], even if the DH aren't needed to start connections.

J> You set it as fixed from 4.40 (according to the manual) and I'm using
J> Stunnel from 4.5x, so this was new to me.

J> Regards.

J> P.S.: fixed=hardcoded


                      mailto:dodfr at yahoo.com


