Hello Michal,
I think I found something about the permanent CPU usage; it may not be directly related to DH calculation.
Now that I have activated the debug=info level, I have a better view of what is happening.
As shown in my previous mail with the log sample, the last stunnel startup showed DH calculation in a matter of minutes; all was OK and CPU slowed down as it should at the end of calculation.
But right now, a few hours later, the CPU is stuck again with this 25% usage.
I checked the logs and saw nothing related to DH or [CRON], so it is not because DH calculation may have restarted sooner than the expected 24H cycle.
The only thing I did was travel with my laptop in my bag, so the computer went into standby mode and then woke up 2 hours later, and right now, one hour after this wake-up, CPU is still at 25%.
Going from standby to awake mode produced some winsock errors in the logs (nothing unusual, all related to the loss of my WiFi for the time it took to connect again), like:
Software caused connection abort (WSAECONNABORTED) (10053)
Network is unreachable (WSAENETUNREACH) (10051)
I think that CPU usage may go crazy if some kind of session failure happens, but I may be wrong.
Did something change between 5.17 and 5.18 related to error/session management?
Regards.
Sunday, June 14, 2015, 9:13:09 PM, you wrote:
J> On 14/06/15, you wrote in gmane.network.stunnel.user:
I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes... Mike
J> Hi,
J> No, of course not. I understood that you did this for security reasons. Better randomize DH params every X time than fixed, but maybe should be considered.
J> A user option maybe, to set fixed or random, but random by default? Just an idea.
J> Note that I'm not requesting this for me, just saying that there could be low-spec environments running tiny servers. If it is going to be the default, good to know anyway.
J> I would be lying if I didn't say that I run the server(s) for small periods of time, and having stunnel running 20 minutes calculating the DH is [something], even the DH aren't needed to start connections.
J> You set as fixed from 4.40 (according to manual) and I'm using Stunnel from 4.5x, so this was new to me.
J> Regards.
J> P.S.: fixed=hardcoded
mailto:dodfr@yahoo.com