Hello All,
I am running a proprietary daemon on port 443
that accepts incoming connections. We are experiencing problems when activating
stunnel on our production box.
Everytime that we run our daemon with stunnel,
our CPU and memory/swap area consumption is extremely intensive. Each
stunnel process consumes approximately 37Mb of RSS memory. I have browsed
through my logs and here is what I found:
2005.04.18 14:35:00 LOG3[15242:1245336]:
transfer() loop executes not transferring any data
2005.04.18 14:35:06
LOG3[15242:1245336]: please report the problem to Michal.Trojnara@mirt.net
2005.04.18
14:35:06 LOG3[15242:1245336]: socket open rd=yes wr=yes, ssl open rd=yes
wr=yes
2005.04.18 14:35:06 LOG3[15242:1245336]: socket ready rd=no wr=no, ssl
ready rd=no wr=no
2005.04.18 14:35:06 LOG3[15242:1245336]:
check_SSL_pending=0, ssl_closing=0
2005.04.18 14:35:06 LOG5[15242:1245336]:
Connection reset: 258 bytes sent to SSL, 153319 bytes sent to
socket
Some details:
a) My configuration file:
[https]
accept =
443
exec = /path/to/daemon
execargs = daemon
-ssl
stunnel 4.07 on i686-pc-linux-gnu
PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6b [engine] 9 Jul
2001
Global
options
cert
=
/usr/local/etc/stunnel/stunnel.pem
ciphers
=
ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
debug
=
5
key
=
/usr/local/etc/stunnel/stunnel.pem
pid
=
/usr/local/var/run/stunnel.pid
RNDbytes
= 64
RNDfile =
/dev/urandom
RNDoverwrite =
yes
session = 300
seconds
verify =
none
Service-level options
TIMEOUTbusy =
300 seconds
TIMEOUTclose = 60
seconds
TIMEOUTconnect = 10
seconds
TIMEOUTidle = 43200 seconds
b)
glibc-2.2.4-31.7
glibc-devel-2.2.4-32.8
libcap-1.10-6
glibc-common-2.2.4-31.7
c) uname
-a
Linux myserver 2.4.9-e.57enterprise #1 SMP Thu Dec 2 20:45:51 EST
2004 i686 unknown
d) gcc -v
gcc
version 2.96 20000731 (Red Hat Linux 7.2 2.96-118.7.2)
e) openssl version
OpenSSL 0.9.6b [engine] 9
Jul 2001
Can anyone shred some light?
I believe I should upgrade some of my core
components (gcc / openssl). I just need to make sure this is the right
direction.
Thanks in advance,
X-------------------
Michel Esber
MCSE, MCSA, MCDBA