I am having problems with apache and stunnel being able to handle load.
I am using stunnel to encrypt my ajp traffic from apache to jboss. This
helps me bridge our internal firewall.
But during load testing the system starts breaking down. It takes about
1/5 the load to break down apache and stunnel, than directly against my
jboss node.
Any performance tuning recommendations would be great.
I am using stunnel straight out of the box. I will place the
configuration file below.
Thanks.
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
; Certificate/key is needed in server mode and optional in client mode
;cert = /usr/local/stunnel/etc/stunnel/mail.pem
;key = /usr/local/stunnel/etc/stunnel/mail.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /usr/local/stunnel/var/lib/stunnel/
setuid = nobody
setgid = nogroup
; PID is created inside chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
CApath = certificates
; It's often easier to use CAfile
CAfile = /usr/local/stunnel/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
output = stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
[ajp]
accept = 8009
connect = xxxx2:8009
[sql]
accept = 1433
connect = XXXX1:443