Connection rejected: too many clients (>=500)? - stunnel-users

18 Nov 2008


      Hey folks --
Can anyone tell me where the max number of clients is configured in 4.21?
I'm running okay for a while, but then I end up with repeated messages as
below in the logs:
2008.11.18 19:13:33 LOG7[26491:46912520933328]: https accepted FD=512 from
xx.xx.xx.xx:xxxxx
2008.11.18 19:13:33 LOG4[26491:46912520933328]: Connection rejected: too
many clients (>=500)
2008.11.18 19:13:33 LOG7[26491:46912520933328]: https accepted FD=512 from
xx.xx.xx.xx:xxxxx
2008.11.18 19:13:33 LOG4[26491:46912520933328]: Connection rejected: too
many clients (>=500)
2008.11.18 19:13:33 LOG7[26491:46912520933328]: https accepted FD=512 from
xx.xx.xx.xx:xxxxx
2008.11.18 19:13:33 LOG4[26491:46912520933328]: Connection rejected: too
many clients (>=500)
[...]
I've only seen reports of this problem, but no solution. Anyone out there
who can help?
Thanks in advance!
-Chris
------------- Config below -----------------
ulimit
unlimited
stunnel -version
stunnel 4.21 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug           = 5
pid             = /var/run/stunnel4.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none
uname -a
Linux domU-12-31-39-01-61-B2 2.6.21.7-2.fc8xen #1 SMP Fri Feb 15 12:34:28
EST 2008 x86_64 GNU/Linux
stunnel -sockets
Socket option defaults:
    Option          Accept    Local     Remote    OS default
    SO_DEBUG            --        --        --             0
    SO_DONTROUTE        --        --        --             0
    SO_KEEPALIVE        --        --        --             0
    SO_LINGER           --        --        --    0:0
    SO_OOBINLINE        --        --        --             0
    SO_RCVBUF           --        --        --         87380
    SO_SNDBUF           --        --        --         16384
    SO_RCVLOWAT         --        --        --             1
    SO_SNDLOWAT         --        --        --             1
    SO_RCVTIMEO         --        --        --         0:0
    SO_SNDTIMEO         --        --        --         0:0
    SO_REUSEADDR             1    --        --             0
    SO_BINDTODEVICE     --        --        --        --
    IP_TOS              --        --        --             0
    IP_TTL              --        --        --            64
    TCP_NODELAY         --        --        --             0
gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v
--enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr
--enable-shared --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --enable-nls
--with-gxx-include-dir=/usr/include/c++/4.2 --program-suffix=-4.2
--enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.2.3 (Ubuntu 4.2.3-2ubuntu7)
openssl version
OpenSSL 0.9.8g 19 Oct 2007