<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap:break-word">
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">Hello</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">A few days ago we ran into an issue where the number of stunnel threads skyrocketed to over 3000 open stunnel threads. When this happened, connections to our website slowed down considerably
or failed to connect. It was resolved by flipping to our other proxy, which accepted any new connections. It took about 5 minutes for the threads to die off on the other proxy. I was wondering if anyone has come across this problem? </div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">Here are some details of our stunnel version and config.</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">Stunnel 4.44 with patch for x-forwarder</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">
<div>[root@brm-proxy01 ~]# stunnel -version</div>
<div>stunnel 4.44 on x86_64-unknown-linux-gnu platform</div>
<div>Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010</div>
<div>Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6</div>
<div> </div>
<div>Global options:</div>
<div>debug = daemon.notice</div>
<div>pid = /var/run/stunnel.pid</div>
<div>RNDbytes = 64</div>
<div>RNDfile = /dev/urandom</div>
<div>RNDoverwrite = yes</div>
<div> </div>
<div>Service-level options:</div>
<div>ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH</div>
<div>curve = prime256v1</div>
<div>session = 300 seconds</div>
<div>sslVersion = TLSv1 for client, all for server</div>
<div>stack = 65536 bytes</div>
<div>TIMEOUTbusy = 300 seconds</div>
<div>TIMEOUTclose = 60 seconds</div>
<div>TIMEOUTconnect = 10 seconds</div>
<div>TIMEOUTidle = 43200 seconds</div>
<div>verify = none</div>
<div><br>
</div>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">Our stunnel.conf.</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">
<div>/etc/stunnel/stunnel.conf </div>
<div>#sslVersion = TLSv1</div>
<div>pid = /var/run/stunnel.pid</div>
<div>syslog = yes</div>
<div>output = /var/log/stunnel.log</div>
<div>debug = 3</div>
<div><br>
</div>
<div>[https]</div>
<div>cert = /etc/stunnel/ssl/wildcard.blah.com.pem</div>
<div>accept = 443</div>
<div>connect = 80</div>
<div>xforwardedfor = yes</div>
<div>TIMEOUTbusy = 300</div>
<div>TIMEOUTclose = 0</div>
<div>TIMEOUTconnect = 10</div>
<div>TIMEOUTidle = 60</div>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">Is there anything we could add for performance tuning in stunnel? Any suggestions on what I could look for when this happens again would be appreciated. Our platform does between
2000 and 3000 rpm (requests per minute) during peak hours. </div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">We constantly see a lot of these messages every hour, but I am not sure what is happening as the connections seem to be working.</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><b>SSL_accept: Peer suddenly disconnected</b></div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><b><br>
</b></div>
<div><b><font face="Calibri,sans-serif">There was a higher spike of them as per the normal rate during our incident described above.</font></b></div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">Thanks</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px"><br>
</div>
<div style="color:rgb(0,0,0); font-family:Calibri,sans-serif; font-size:14px">
<div>
<div>
<div><span style="font-size:10pt; font-family:Arial,sans-serif; color:rgb(110,41,141)"><b>Stephen Griffin</b></span></div>
<div><span style="color:rgb(110,41,141); font-family:Arial,sans-serif; font-size:10pt">Sr. System Administrator</span><br>
<span style="color:rgb(110,41,141); font-family:Arial,sans-serif; font-size:10pt"><a href="http://www.achievers.com/" style="color:purple; font-family:'Times New Roman',serif; font-size:12pt">www.achievers.com</a></span></div>
</div>
<div><br>
</div>
</div>
</div>
</body>
</html>