
On 15.07.2015 16:35, Philippe Anctil wrote:
> Yes I compile with fork.
> We have been using that for a very long time. In the 7-8 years range if not a few years more. In the past we decided to use fork to sidestep leaks. We process astronomical numbers of transactions each year on a 24/7 basis and never had any problems.
> Can you expand a bit on why it is a bad idea?

A few reasons off the top of my head:

1. POSIX/Windows threads are required for session cache, which is a major performance improvement. With fork, stunnel needs to negotiate a new TLS session on each TCP connection with the same peer.
2. POSIX/Windows threads are required for DH parameter regenerations.
3. Fork is not the default compilation option and it doesn't get nearly as much testing as POSIX/Windows threads.

Mike
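
Point 1 of the reply above as a toy model, added here as an example and not part of the original message or of stunnel's code: a dict stands in for the in-memory TLS session cache, and the function names and peer addresses are constructed. It assumes one worker per accepted connection and a POSIX system with `os.fork`.

```python
import os
import threading

# Constructed sample: three connections from one peer, then one from another.
PEERS = ["192.0.2.10", "192.0.2.10", "192.0.2.10", "192.0.2.77"]

def handle(cache, lock, peer):
    """Serve one connection: 'resumed' on a cache hit, otherwise 'full'."""
    with lock:
        if peer in cache:
            return "resumed"
        # Full handshake: remember the session in this process's memory.
        cache[peer] = os.urandom(16).hex()  # constructed session id
        return "full"

def serve_threads(peers):
    """One thread per connection; all threads share the same cache."""
    cache, lock, results = {}, threading.Lock(), []
    for peer in peers:
        t = threading.Thread(
            target=lambda p=peer: results.append(handle(cache, lock, p)))
        t.start()
        t.join()  # sequential, to keep the output deterministic
    return results

def serve_fork(peers):
    """One child process per connection; each child gets a private copy."""
    cache, lock, results = {}, threading.Lock(), []
    for peer in peers:
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # child: its cache write is lost when it exits
            try:
                os.close(r)
                os.write(w, handle(cache, lock, peer).encode())
            finally:
                os._exit(0)
        os.close(w)
        with os.fdopen(r) as f:
            results.append(f.read())
        os.waitpid(pid, 0)
    # The parent's cache is still empty here: nothing to resume from.
    return results

if __name__ == "__main__":
    print("threads:", serve_threads(PEERS))
    print("fork:   ", serve_fork(PEERS))
```

In the fork model every connection from the repeat peer comes back as `full`, which is the per-connection renegotiation cost the reply describes.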