[stunnel-users] ephemeral port limit
Frank Liu
gfrankliu at gmail.com
Mon Apr 28 23:28:56 CEST 2014
> On Mon, Apr 28, 2014 at 11:07 AM, Michal Trojnara <Michal.Trojnara at mirt.net> wrote:
>> On 2014-04-26 19:38, Frank Liu wrote:
>> I am trying to use stunnel to add SSL support to my app. My app and
>> Linux server are tuned to accept 200k+ connections without a problem.
>> When adding stunnel on the same server, the connection stops when it
>> reaches 64k because stunnel uses ephemeral ports to connect to my app
>> on the localhost.
>
> Could you please share your configuration file, and the versions of
> stunnel and Linux kernel? Maybe I can recommend an easier solution.
>
> Mike
Thanks Mike!
Below is the information you requested.
Frank

chroot = /opt/stunnel/var/lib/stunnel/
setuid = appadm
setgid = appadm
pid = /stunnel.pid
cert = /opt/app/app.pem
key = /opt/app/app.key
options = NO_SSLv2
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[appssl-8889]
accept = 8889
connect = 127.0.0.1:8888

uname -a
Linux tiger 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

./stunnel -version
stunnel 5.01 on x86_64-unknown-linux-gnu platform
Compiled with OpenSSL 1.0.1c 10 May 2012
Running with OpenSSL 1.0.1 14 Mar 2012
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
Global options:
debug = daemon.notice
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
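
Added example, not part of the original message or of stunnel: a sketch that estimates the backend connection ceiling discussed in this thread from a service's connect targets and the kernel's ephemeral port range. The port range value is constructed (the poster's setting is not shown), and the function names are hypothetical.

```python
from collections import defaultdict

# Service definition copied from the configuration in the message above.
STUNNEL_CONF = """\
[appssl-8889]
accept = 8889
connect = 127.0.0.1:8888
"""

# Constructed value in the format of /proc/sys/net/ipv4/ip_local_port_range.
# Assumption: a range widened to 1024-65535; the poster's setting is not shown.
PORT_RANGE = "1024\t65535\n"


def ephemeral_ports(range_text):
    """Number of local ports the kernel may pick for outgoing connections."""
    low, high = (int(field) for field in range_text.split())
    return high - low + 1


def connect_targets(conf_text):
    """Return {service: set of connect targets} from stunnel-style config text."""
    targets = defaultdict(set)
    service = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            service = line[1:-1]
        elif service and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "connect":
                targets[service].add(value)  # targets are compared as written
    return dict(targets)


def ceilings(conf_text, range_text):
    """Upper bound on concurrent backend connections per service.

    With one source address, each (destination IP, destination port) pair
    can be reached from every ephemeral port exactly once.
    """
    ports = ephemeral_ports(range_text)
    return {svc: ports * len(dst) for svc, dst in connect_targets(conf_text).items()}


if __name__ == "__main__":
    for svc, limit in ceilings(STUNNEL_CONF, PORT_RANGE).items():
        print(f"{svc}: at most {limit} concurrent connections to the backend")
```

With the constructed 1024-65535 range, the single `connect = 127.0.0.1:8888` target yields a ceiling of 64512, which is in line with the 64k figure reported in the thread.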