Long ago I had a server with a bad network card. Every once in a while it would spew uncontrollable bytes onto the network. If you open a stunnel connection and it does that this could very well be the problem. If it cheap, try changing the network card. If not, you should be able to look in your firewall/router and it will tell you who is sending what bytes to whomever. See if that machine is indeed streaming the bytes in massive quantities. If not, I would suspect your stunnel is getting stuck in it’s own loop. There are a million reasons this can happen (well a few less than a million) – such as maybe a bad library in the FreeBSD or a bad choice in the Makefile – such as doing threads or something in a way your O/S does not like (I use threads=fork or whatever it is, instead of actual threading). You might tinker with some of the options that make the stunnel build and try different ones. Especially if stunnel was compiled on a different version of the O/S – could be differences in bytes in things and who knows what.
That is all I can suggest beyond setting the debug level to 7 (I think is highest) and then watching the log file.
Eric
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Murrey, Brian J.
Sent: Wednesday, October 17, 2018 10:57 AM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] CPU 100%
We are running stunnel 5.49 on FreeBSD 11.2 and we’re running into a problem once in a while.
CPU pegs at 100% when we get an stunnel connection from one of our external devices.
This affects 100% of all cores and we can’t even log in to console.
To mitigate this temporarily, we have a script running in the background to watch when stunnel begins to spike and restarts the daemon.
It doesn’t happen 100% of the time, and so far I have been unable to distinguish what makes the connection do this to the CPU.
Have any of you run in to this issue?
Sincerely,
Brian Murrey
System Engineer II, IT Infrastructure
NOTICE: This message may contain privileged and confidential information and/or protected health information intended solely for the use of the named recipient and may be privileged or otherwise protected by law. If you are not the intended recipient of this message, you should immediately notify the sender and delete this message. Do not disseminate, reproduce, or review this message or attachments if you are not the intended recipient. The sender or others may have legal rights restricting the dissemination of the information contained in this message and, as a result, remedies against you in the event of the improper dissemination of confidential information, trade secrets, personal information or privileged communications. This message is the work of the sender and does not necessarily reflect the position, views, or policies of TriMedx LLC or its affiliates.
WARNING: The integrity and security of this message cannot be guaranteed and may contain or transmit a virus or other illicit code. Neither TriMedx LLC or its affiliates accept liability for any damage attributable to viruses or illicit code transmitted through this message or an attachment.