We use Stunnel 4.5.2 in our environment of Ubuntu 10.04/12.04 systems in various clouds. We're leveraging PGPool for SSL encryption of a lot of different types of traffic ... Zookeeper, PostgreSQL, and AMQP traffic are some examples for us. Mostly everything works great ... it's fast, and very reliable. I've just noticed though that on a particular group of machines we are seeing really high memory usage on the Stunnel process that seems to grow and grow over time. I found this Stunnel process using over 350MB of RAM yesterday ... and on an m1.small in Amazon, that's a big chunk!
Here's our client config file:

cert = /etc/stunnel/localhost-pgpool.pem
key = /etc/stunnel/localhost-pgpool.key
CAfile = /etc/stunnel/localhost-pgpool_ca.pem
verify = 2
delay = no
sslVersion = TLSv1
client = yes
setuid = stunnel4
setgid = stunnel4
pid = /var/lib/stunnel4/localhost-pgpool.stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
TIMEOUTconnect = 2
session = 86400
debug = 4

[localhost-pgpool]
accept = 127.0.0.1:5001
failover = rr
connect = prod-pgpool1-uswest1:6433
connect = prod-pgpool2-uswest1:6433

My first thought was that perhaps the Session cache was too large... so I dropped it to '3600'. Now instead of 360MB, I'm seeing Stunnel sit at around 170MB. Is the session ID cache just caching thousands and thousands of new session IDs without properly re-using them? It seems like the session ID cache should never have more than:

Currently_Used_Session_IDs + Session_IDs_unused_but_last_used_within_the_last_hour

Any thoughts on what might be going on?
--Matt
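
The bound in the question above can be checked against a simplified model of a timeout-based session cache. This is an added example, not part of the original post and not Stunnel's or OpenSSL's code. The connection rate of 2 per second, the expiry sweep and the names `simulate_cache` and `reuse_pool` are assumptions made for illustration; it counts cache entries only and assumes nothing about bytes per entry.

```python
from collections import OrderedDict


def simulate_cache(timeout_s, conn_per_s, duration_s, reuse_pool=0):
    """Return (peak, final) entry counts of a timeout-based session cache.

    reuse_pool=0  every connection negotiates a brand-new session ID
    reuse_pool=N  connections cycle through N resumable session IDs
    """
    cache = OrderedDict()  # session_id -> last_used second, oldest first
    next_id = 0
    peak = 0
    for now in range(duration_s):
        for i in range(conn_per_s):
            if reuse_pool:
                sid = (now * conn_per_s + i) % reuse_pool
            else:
                sid = next_id
                next_id += 1
            cache[sid] = now
            cache.move_to_end(sid)  # keep the dict ordered by last use
        # Sweep: drop entries that have been idle for the full timeout.
        while cache:
            oldest_sid, last_used = next(iter(cache.items()))
            if now - last_used < timeout_s:
                break
            del cache[oldest_sid]
        peak = max(peak, len(cache))
    return peak, len(cache)


if __name__ == "__main__":
    # Constructed workload: 2 connections per second for 25 hours.
    for timeout in (86400, 3600):
        fresh = simulate_cache(timeout, 2, 90000)
        reused = simulate_cache(timeout, 2, 90000, reuse_pool=50)
        print(f"session={timeout}: no reuse peak={fresh[0]}, "
              f"50 reused sessions peak={reused[0]}")
```

In this model, when no session is ever resumed, the "last used within the timeout" term equals connection rate times timeout, so the bound itself scales with the `session` value. When sessions are resumed, the entry count stays at the number of distinct sessions whatever the timeout is.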