On Wednesday 29 November 2006 16:56, ~ Kunal Sharma ~ wrote:
I downloaded Stunnel from stunnel.org and had no idea I have a new version at *the home site*.
I see. This page should put some light on it: http://www.stunnel.org/related/
Brian Hatch, the author of www.stunnel.org web page did a great job building the page, writing documentation, patches, etc. Unfortunately he is quite busy nowadays, so the page is becoming obsolete and misleading.
But with the same version, I made the change suggested by you (TIMEOUTidle = 30) and Stunnel has now being working for more than 18 hrs on the trot now !!!
Can you please explain to me (only if you have time) what magic this did ?
By default stunnel tries to keep idle (not transferring any traffic) connections up for 43200 seconds (12 hours). It's generally a good idea (imagine a telnet or an irc session). The drawback is that when a client has disconnected without shutting down or resetting TCP session (like it was turned off with the power switch or the the network cable was pulled off) stunnel server uses server resources (like a cpu thread, memory or tcp sockets) for the next 12 hours. That's not good on a heavy loaded server. Reducing the idle timeout from 43200 to 30 seconds eliminates this problem.
Best regards, Mike