Delay before sending server hello - stunnel-users

28 Apr 2011


      I am using stunnel to accept TLS connections.  I'm opening eight connections at virtually the same time, and occasionally see that for one of the connections, the handshake does not complete - stunnel does not send the server hello, and the client usually resets the connection.  I did manage to capture one instance where stunnel sends the server hello, but it is delayed by over a minute.
I upgraded to version 4.35, and I see the same behavior.  I set debug=debug, and captured what I think are the relevant logs (through write server hello). I kept the logs for the successful connection (59924) that came in after the failed one (59923).
Apr 27 13:21:22 cm stunnel: LOG7[10357:1431918272]: local socket: FD=15 allocated (non-blocking mode)
Apr 27 13:21:22 cm stunnel: LOG7[10357:1431918272]: Service msrp accepted FD=15 from ::ffff:10.50.2.11:59923
Apr 27 13:21:22 cm stunnel: LOG7[10357:1431918272]: local socket: FD=16 allocated (non-blocking mode)
Apr 27 13:21:22 cm stunnel: LOG7[10357:1431918272]: Service msrp accepted FD=16 from ::ffff:10.50.2.11:59924
Apr 27 13:21:22 cm stunnel: LOG7[10357:1431989136]: Service msrp started
Apr 27 13:21:22 cm stunnel: LOG7[10357:1431989136]: Waiting for a libwrap process
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: Service msrp started
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: Waiting for a libwrap process
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: Acquired libwrap process #1
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: Releasing libwrap process #1
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: Released libwrap process #1
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: Service msrp permitted by libwrap from ::ffff:10.50.2.11:59924
Apr 27 13:21:22 cm stunnel: LOG5[10357:1433471888]: Service msrp accepted connection from ::ffff:10.50.2.11:59924
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: SSL state (accept): before/accept initialization
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: SSL state (accept): SSLv3 read client hello A
Apr 27 13:21:22 cm stunnel: LOG7[10357:1433471888]: SSL state (accept): SSLv3 write server hello A
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: Acquired libwrap process #4
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: Releasing libwrap process #4
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: Released libwrap process #4
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: Service msrp permitted by libwrap from ::ffff:10.50.2.11:59923
Apr 27 13:22:38 cm stunnel: LOG5[10357:1431989136]: Service msrp accepted connection from ::ffff:10.50.2.11:59923
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: SSL state (accept): before/accept initialization
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: SSL state (accept): SSLv3 read client hello A
Apr 27 13:22:38 cm stunnel: LOG7[10357:1431989136]: SSL state (accept): SSLv3 write server hello A
Thanks,
Dan