Hello All,
I am running a proprietary daemon on port 443 that accepts incoming connections. We are experiencing problems when activating stunnel on our production box.
Everytime that we run our daemon with stunnel, our CPU and memory/swap area consumption is extremely intensive. Each stunnel process consumes approximately 37Mb of RSS memory. I have browsed through my logs and here is what I found:
2005.04.18 14:35:00 LOG3[15242:1245336]: transfer() loop executes not transferring any data 2005.04.18 14:35:06 LOG3[15242:1245336]: please report the problem to Michal.Trojnara@mirt.net 2005.04.18 14:35:06 LOG3[15242:1245336]: socket open rd=yes wr=yes, ssl open rd=yes wr=yes 2005.04.18 14:35:06 LOG3[15242:1245336]: socket ready rd=no wr=no, ssl ready rd=no wr=no 2005.04.18 14:35:06 LOG3[15242:1245336]: check_SSL_pending=0, ssl_closing=0 2005.04.18 14:35:06 LOG5[15242:1245336]: Connection reset: 258 bytes sent to SSL, 153319 bytes sent to socket
Some details:
a) My configuration file: [https] accept = 443 exec = /path/to/daemon execargs = daemon -ssl
stunnel 4.07 on i686-pc-linux-gnu PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6b [engine] 9 Jul 2001
Global options cert = /usr/local/etc/stunnel/stunnel.pem ciphers = ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH debug = 5 key = /usr/local/etc/stunnel/stunnel.pem pid = /usr/local/var/run/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes session = 300 seconds verify = none
Service-level options TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds
b) glibc-2.2.4-31.7 glibc-devel-2.2.4-32.8 libcap-1.10-6 glibc-common-2.2.4-31.7
c) uname -a Linux myserver 2.4.9-e.57enterprise #1 SMP Thu Dec 2 20:45:51 EST 2004 i686 unknown
d) gcc -v gcc version 2.96 20000731 (Red Hat Linux 7.2 2.96-118.7.2)
e) openssl version OpenSSL 0.9.6b [engine] 9 Jul 2001
Can anyone shred some light?
I believe I should upgrade some of my core components (gcc / openssl). I just need to make sure this is the right direction.
Thanks in advance,
X------------------- Michel Esber MCSE, MCSA, MCDBA
Automatos - www.automatos.com US: 1 (866) 2293584