Hello Michal, I think I found something about the permanent CPU usage, it may not be directly related to DH calculation. Now I activated the debug=info level I have a better view of what is happening. As showed in my previous mail with the log sample, the last stunnel startup showed DH calculation in a matter of minutes all was OK and CPU slowed down as it should at the end of calculation. But right now a few hours later the CPU is stuck again with this 25% usage. I checked the logs and saw nothing related to DH or [CRON] so it is not because DH calculation may have restarted sooner than the 24H expected cycle. The only thing I did is to travel with my laptop in my bag so computer went into standby mode and then awaked 2 hours later and right now, one hour after this awake CPU is still 25%. Going from standby to awake mode produced some winsock errors in the logs (nothing unusual, all related to the loss of my WiFi the time it connect again) like : Software caused connection abort (WSAECONNABORTED) (10053) Network is unreachable (WSAENETUNREACH) (10051) I think that CPU usage may go crazy if some kind of session failure happen, but I may be wrong. Did something change between 5.17 and 5.18 related to error/session management ? regards. Sunday, June 14, 2015, 9:13:09 PM, you wrote: J> On 14/06/15, you wrote in gmane.network.stunnel.user:
I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes... Mike
J> Hi, J> No, of course not. I understood that you did this for security J> reasons. Better randomize DH params every X time, then fixed, but J> maybe should be considered. J> An user option maybe, to set fixed or random, but random by default? J> Just an idea. J> Note that I'm not requesting this for me, just telling that could be J> low specs environments to run tiny servers. If it is going to be J> default, good to know anyway. J> I would lie if I don't say that I run the server(s) for small periods J> of time and having stunnel running 20 minutes calculating the DH is J> [something], even the DH aren't needed to start connections. J> You set as fixed from 4.40 (according to manual) and I'm using J> Stunnel from 4.5x, so this was new to me. J> Regards. J> P.S.: fixed=hardcoded J> _______________________________________________ J> stunnel-users mailing list J> stunnel-users@stunnel.org J> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users mailto:dodfr@yahoo.com