[stunnel-users] stunnel 4.16 wrapped around an ldap server causing very slow binds
Mark McCoy
realmcking at gmail.com
Sun Nov 5 01:38:56 CET 2006
Hey all,
I have an instance of stunnel 4.16 on Solaris 10 that I am trying to
use to wrap Sun Directory Server LDAP traffic in SSL. LDAP 'binds'
take over 2 minutes to complete using stunnel, but only a split second
(as they should) when using an SSH tunnel.
I have disabled tcpwrappers per the stunnel FAQ with no results, and
tried settting delay = "yes" and "no", with no differences in the
results.
An interesting thing is that if I try to bind using the wrong
password, the "Invalid Credentials" error returns immediately. Using
the correct password, the bind hangs for over 2 minutes.
Any ideas on what to look for?
-------------
Output of stunnel -version:
stunnel 4.16 on sparc-sun-solaris2.10 with OpenSSL 0.9.8c 05 Sep 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4
Global options
debug = 5
pid = /usr/local/stunnel/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /usr/local/stunnel/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /usr/local/stunnel/etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
--------------
--
Mark McCoy -- Professional Unix geek
Here in America we are descended in blood and in spirit from
revolutionists and rebels - men and women who dared to dissent from
accepted doctrine. As their heirs, may we never confuse honest dissent
with disloyal subversion. -- Dwight D. Eisenhower
More information about the stunnel-users
mailing list