-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Abdelkader Chelouah wrote:
Indeed, I'm using
/configure --build="x86_64-unknown-linux-gnu" \ --prefix=${STUNNEL_DIR} \ --mandir="${STUNNEL_DIR}/man" \ --docdir="${STUNNEL_DIR}/doc" \ --enable-ipv6 \ --disable-libwrap \ --disable-fips \ --with-threads=fork \ --with-ssl=${OPENSSL_DIR} \ --enable-shared \ --disable-static
As far as concerns the threading model, several linux distributions use the fork model.
Most likely it's because their package maintainers were not clever enough to ask the upstream maintainer (myself) for an advice.
This blog post is full of logical fallacies. Its reasoning can be best described as magical thinking: http://en.wikipedia.org/wiki/Magical_thinking
Using the fork model slows stunnel down *a lot*, as it makes stunnel renegotiate the SSL/TLS keys on each subsequent connection.
seems to conclude the same way. Actually, I'am not really sure about the best threading model under RH Linux. Maybe, can you give some advices.
Let me give you a hint: the default threading model is "PTHREAD".
BTW: Despite exaggerated claims and extremely limited functionality, stud is actually *slower* than stunnel: http://vincent.bernat.im/en/blog/2011-ssl-benchmark-round2.html
Mike