Hey Brian,
thanks for the fast reply.
Find code like this in the stunnel source:
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); SSL_set_session(c->ssl, ctx->session_cache_head))and comment any occurances out. Recompile. Should do the trick.
I did that. Found the first instruction in SSL.c and the second in client.c. Commenting them out and recompilation did not help. STunnel still uses Caching. Correct me if I'm wrong, but afaik STunnel uses OpenSSL to handle SSL related things. I think OpenSSL uses a pre defined Session Timer of 300 s and simply commenting out the code in STunnel does not prevent OpenSSL from using his default value. We tried also to change the code and comment the check, if the session timer is at least equal to 1, out, but that still did not help.
Benchmark different key lengths and ciphers until you find the one that's fastest. And use session caching!
Yes, we tried different parameters, but mod_ssl is about 50% faster than STunnel and Apache. But I think, that is quite normal.
Greetings, Daniel