Ludovic LEVET wrote:
It seem that openssl since version 0.9.8b zlib compression is enable by default. This is the problem of cpu usage of stunnel. Is it possible to force it disable it by 'compression = none' in a next version of stunnel ?
I did some research and the facts are: 1. Stunnel code for "compression" option is obsolete since OpenSSL 0.9.8 (released 05 Jul 2005). The new implementation is compatible with: http://tools.ietf.org/html/rfc1951 2. Starting with OpenSSL 1.0.0 compression can be disabled with "options = NO_COMPRESSION" service-level option. 3. In OpenSSL version >= 0.9.8 and <1.0.0 there is currently no way to disable compression with an stunnel.conf option.
My conclusion: I will add "compression = none" global option implemented as: #ifndef OPENSSL_NO_COMP sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); #endif
Mike