On 15.07.2015 16:35, Philippe Anctil wrote:
> Yes I compile with fork.
> We have been using that for a very long time. In the 7-8 years range if not a few years more. In the past we decided to use fork to sidestep leaks. We process astronomical numbers of transactions each year on a 24/7 basis and never had any problems.
> Can you expand a bit on why it is a bad idea?
A few reasons off the top of my head:
1. POSIX/Windows threads are required for session cache, which is a major performance improvement. With fork, stunnel needs to negotiate a new TLS session on each TCP connection with the same peer.
2. POSIX/Windows threads are required for DH parameter regenerations.
3. Fork is not the default compilation option and it doesn't get nearly as much testing as POSIX/Windows threads.
Mike
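
A minimal model of point 1, added here as an illustration and not taken from stunnel or from the message above: the same five connections from one peer are served first by threads, then by forked children, counting how many could resume a cached session. The cache variable, `handle_connection` and both driver functions are constructed for the example, and it assumes the session cache is ordinary per-process memory.

```c
#include <pthread.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy per-process session cache for one peer (constructed, not stunnel's). */
static int cache_has_session;
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;

/* Serve one connection: 1 = session resumed, 0 = full handshake (then cached). */
static int handle_connection(void) {
    pthread_mutex_lock(&cache_lock);
    int resumed = cache_has_session;
    cache_has_session = 1;
    pthread_mutex_unlock(&cache_lock);
    return resumed;
}
static void *thread_main(void *out) { *(int *)out = handle_connection(); return NULL; }

/* One thread per connection: all threads share the cache, so only the first misses. */
int resumed_with_threads(int n) {
    int resumed = 0, r = 0;
    cache_has_session = 0;
    for (int i = 0; i < n; i++) {
        pthread_t t;
        if (pthread_create(&t, NULL, thread_main, &r) != 0) return -1;
        pthread_join(t, NULL);
        resumed += r;
    }
    return resumed;
}

/* One forked child per connection: the child updates its own copy, lost at exit. */
int resumed_with_fork(int n) {
    int resumed = 0, status = 0;
    cache_has_session = 0;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) _exit(handle_connection());   /* child reports via exit code */
        if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
            resumed += WEXITSTATUS(status);
    }
    return resumed;
}

int main(void) {
    printf("threads: %d/5 resumed, fork: %d/5 resumed\n", resumed_with_threads(5), resumed_with_fork(5));
    return 0;
}
```

Every forked child starts from the parent's empty cache, so each connection pays for a full handshake, while the threaded run pays only once.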