[stunnel-users] stunnel 5.18 may keep high CPU usage
dodfr at yahoo.com
Mon Jun 15 00:04:02 CEST 2015
I think I found something about the permanent CPU usage, it may not be
directly related to DH calculation.
Now I activated the debug=info level I have a better view of what is
As showed in my previous mail with the log sample, the last stunnel
startup showed DH calculation in a matter of minutes all was OK and
CPU slowed down as it should at the end of calculation.
But right now a few hours later the CPU is stuck again with this 25%
I checked the logs and saw nothing related to DH or [CRON] so it is
not because DH calculation may have restarted sooner than the 24H
The only thing I did is to travel with my laptop in my bag so computer
went into standby mode and then awaked 2 hours later and right now,
one hour after this awake CPU is still 25%.
Going from standby to awake mode produced some winsock errors in the
logs (nothing unusual, all related to the loss of my WiFi the time it
connect again) like :
Software caused connection abort (WSAECONNABORTED) (10053)
Network is unreachable (WSAENETUNREACH) (10051)
I think that CPU usage may go crazy if some kind of session failure
happen, but I may be wrong.
Did something change between 5.17 and 5.18 related to error/session
Sunday, June 14, 2015, 9:13:09 PM, you wrote:
J> On 14/06/15, you wrote in gmane.network.stunnel.user:
>> I appreciate your opinions. Do you think I should trade security
>> for 20 minutes idle CPU time every 24 hours?
>> On modern machines it's closer to 2 minutes...
J> No, of course not. I understood that you did this for security
J> reasons. Better randomize DH params every X time, then fixed, but
J> maybe should be considered.
J> An user option maybe, to set fixed or random, but random by default?
J> Just an idea.
J> Note that I'm not requesting this for me, just telling that could be
J> low specs environments to run tiny servers. If it is going to be
J> default, good to know anyway.
J> I would lie if I don't say that I run the server(s) for small periods
J> of time and having stunnel running 20 minutes calculating the DH is
J> [something], even the DH aren't needed to start connections.
J> You set as fixed from 4.40 (according to manual) and I'm using
J> Stunnel from 4.5x, so this was new to me.
J> P.S.: fixed=hardcoded
J> stunnel-users mailing list
J> stunnel-users at stunnel.org
mailto:dodfr at yahoo.com
More information about the stunnel-users