<div dir="ltr"><div class="im"><div>> On Mon, Apr 28, 2014 at 11:07 AM, Michal Trojnara <span dir="ltr"><<a href="mailto:Michal.Trojnara@mirt.net" target="_blank">Michal.Trojnara@mirt.net</a>></span> wrote:<br><div>
>> On 2014-04-26 19:38, Frank Liu wrote:<br>
>> I am trying to use stunnel to add ssl support to my app. My app and<br>
>> linux server are tuned to accept 200k+ connections without a problem.<br>
>> When adding stunnel on the same server, the connection stops when it<br>
>> reaches 64k due to stunnel uses ephemeral ports to connect to my app<br>
>> on the localhost.<br>
><br>
</div>> Could you please share your configuration file, and the versions of<br>
> stunnel and Linux kernel? Maybe I can recommend an easier solution.<br>
><br>
> Mike<br>
<br></div></div><div>Thanks Mike!<br></div><div>Below is the information you requested.<br><br></div><div>Frank<br></div><div><br>chroot = /opt/stunnel/var/lib/stunnel/<br>setuid = appadm<br>setgid = appadm<br>pid = /stunnel.pid<br>
cert = /opt/app/app.pem<br>key = /opt/app/app.key<br>options = NO_SSLv2<br>socket = l:TCP_NODELAY=1<br>socket = r:TCP_NODELAY=1<br></div>[appssl-8889]<br><div>accept = 8889<br>connect = <a href="http://127.0.0.1:8888" target="_blank">127.0.0.1:8888</a><br>
<br></div><div>uname -a<br>Linux tiger 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux<br><br></div>./stunnel -version<br>stunnel 5.01 on x86_64-unknown-linux-gnu platform<br>
Compiled with OpenSSL 1.0.1c 10 May 2012<br>Running with OpenSSL 1.0.1 14 Mar 2012<br>Update OpenSSL shared libraries or rebuild stunnel<br>Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS<br><br>Global options:<br>
debug = daemon.notice<br>RNDbytes = 64<br>RNDfile = /dev/urandom<br>RNDoverwrite = yes<br><br>Service-level options:<br>ciphers = FIPS (with "fips = yes")<br>
ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!<div class="gmail_extra">SSLv2 (with "fips = no")<br>curve = prime256v1<br>sessionCacheSize = 1000<br>sessionCacheTimeout = 300 seconds<br>
sslVersion = TLSv1 (with "fips = yes")<br>
sslVersion = TLSv1 for client, all for server (with "fips = no")<br>stack = 65536 bytes<br>TIMEOUTbusy = 300 seconds<br>TIMEOUTclose = 60 seconds<br>TIMEOUTconnect = 10 seconds<br>
TIMEOUTidle = 43200 seconds<br>verify = none</div><div class="gmail_extra"><br><br><br></div></div>