[stunnel-users] stunnel 4.50 released
Michal Trojnara
Michal.Trojnara at mirt.net
Fri Dec 9 18:06:26 CET 2011
Ludovic LEVET wrote:
> It seem that openssl since version 0.9.8b zlib compression is enable
> by default. This is the problem of cpu usage of stunnel.
> Is it possible to force it disable it by 'compression = none' in a
> next version of stunnel ?
I did some research and the facts are:
1. Stunnel code for "compression" option is obsolete since OpenSSL
0.9.8 (released 05 Jul 2005).
The new implementation is compatible with:
http://tools.ietf.org/html/rfc1951
2. Starting with OpenSSL 1.0.0 compression can be disabled with
"options = NO_COMPRESSION" service-level option.
3. In OpenSSL version >= 0.9.8 and <1.0.0 there is currently no way to
disable compression with an stunnel.conf option.
My conclusion:
I will add "compression = none" global option implemented as:
#ifndef OPENSSL_NO_COMP
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
Mike
More information about the stunnel-users
mailing list