[stunnel-users] stunnel 4.16 wrapped around an ldap server causing very slow binds

Mark McCoy realmcking at gmail.com
Sun Nov 5 01:38:56 CET 2006


Hey all,

I have an instance of stunnel 4.16 on Solaris 10 that I am trying to
use to wrap Sun Directory Server LDAP traffic in SSL.  LDAP 'binds'
take over 2 minutes to complete using stunnel, but only a split second
(as they should) when using an SSH tunnel.

I have disabled tcpwrappers per the stunnel FAQ with no results, and
tried setting delay = "yes" and "no", with no differences in the
results.

An interesting thing is that if I try to bind using the wrong
password, the "Invalid Credentials" error returns immediately.  Using
the correct password, the bind hangs for over 2 minutes.

Any ideas on what to look for?

-------------
Output of stunnel -version:
stunnel 4.16 on sparc-sun-solaris2.10 with OpenSSL 0.9.8c 05 Sep 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4

Global options
debug           = 5
pid             = /usr/local/stunnel/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /usr/local/stunnel/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
key             = /usr/local/stunnel/etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none
--------------

-- 
Mark McCoy -- Professional Unix geek

Here in America we are descended in blood and in spirit from
revolutionists and rebels - men and women who dared to dissent from
accepted doctrine. As their heirs, may we never confuse honest dissent
with disloyal subversion. -- Dwight D. Eisenhower


