[stunnel-users] problem with buffering data on stunnel

wujot wujot at home.pl
Fri Jul 10 20:17:24 CEST 2015


	Hi Mike,

	

	Thank you for your answer.

	I've made many tests using those parameters you've suggested. It is very 
good solution for decreasing buffer in Stunnel, but in my case it is not 
enough. Encrypted session on path beetwen slow client in GPRS network and 
Stunnel server is using TCPWindowSize on the level 5KB or less. But 
unencrypted session on path between Stunnel server and hi-speed end server 
(both in LAN) is using TcpWindowSize on level 64KB - 131KB (in Windows 2008 
or newer it is calculated automatically). So I steel have at least 64KB 
buffer in stunnel.

	

	Is there any possibility to force stunnel to use on faster part of 
connection (LAN side) the value of TcpWindowSize similar to calculated on 
slower part (on WAN side)?

	

	Best regards,

	

	Adalbert

	

	

	

	Dnia 2015-07-09 12:18 Michal Trojnara napisał(a):

	

	

	

	

	-----BEGIN PGP SIGNED MESSAGE-----

	Hash: SHA1

	

	Hi Adalbert,

	

	My guess would be:

	socket = l:SO_RCVBUF=2048

	socket = r:SO_SNDBUF=2048

	

	Mike

	

	On 09.07.2015 11:53, wujot wrote:

	

	I have a problem with transmission from LAN server, which use

	another server on LAN with running stunnel, to pass encrypted data

	to remote SSL clients if they are on very slow GPRS network. If

	server in LAN starts to transfer big amount of data to such slow

	remote client, stunnel is buffering data and slowly transmits them

	to the GPRS client. TCP Window on connection from LAN server to

	stunnel is big (64 - 131kB), and TCP Window on connection from

	stunnel to slow client is small (about 5kB). And additionally

	stunnel is buffering data. So, server is finishing transmission in

	seconds, but in fact most of data are still in buffers of stunnel.

	And it makes a timeout problem (server is waiting for the

	confirmation from client if it received all data, but time between

	last byte sent from server and confirmation from client could be

	even several minutes).

	

	So, stunnel is working in "store and forward" model. Is it possible

	to switch it to something like "cut through"? Or how to force

	stunnel to more synchronized transmission between client and

	server?

	

	Regards,

	

	Adalbert

	

	

	

	_______________________________________________ stunnel-users

	mailing list stunnel-users at stunnel.org

	https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

	

	-----BEGIN PGP SIGNATURE-----

	Version: GnuPG v1

	

	iQIcBAEBAgAGBQJVnkpAAAoJEC78f/DUFuAU7YsP/1Ih 4CpKK0g uAZ hJxBrXl

	1XzZ79hDQ1lE8ae/pWQu74Mddkx7ANw6g 1zO7FEHJKEtHv4hBcp0ez/FGF1pfPi

	vIU43rQHP4W7cO4rOCYvg3DtzEe29l0jDsVBJhYiIy6AVk6xQxR8 1nO6W2kzEYh

	jMxXqiDNgLu7tSRWEhZ3jdPuiKTLPd91K8618tFskxINLqD3km1Otg1wOkgQsM3W

	PyZRhQD6eTVHgAmK5XkgxnGOGdY2FSSN35Ey28devaAgV8nnJF2r6OLqOOj8qirE

	TaFok9v/vguWAuxjMbHPLSSDrHnBMBqpPrMSK02KdJa62pRdEJNbKme6V47L1tTG

	vrK2hYErR6u6tsac/S/VJycQNfdqvKmxqYeuICJBaKxUW7hZlx6piCKkeC3v cf3

	DMDpqBL3n8oQ98TAQMrTnkNt/bdXrdz0N/mTMY2dP8Qk8KzgiCxyKl4syIQmCVR

	8ChNF/IAWB27Aq/ldmVM9Y3dOHpuVOSPgXjwSoY9xCyWQTLM/7gsWM5gjJuso9qk

	6lh p 8QHSA/cHpMmpqh xyTR/pEfLnYOyg NmYzd468QMXuZ1SV1davrw5gQF9i

	rNlLHL5PPCrY87SC g76v9meen9JwkBq76M43I21XhpfrC1fnDMxKPK4uVGeFlyt

	bAKmIPiSw7FZhDOzFKfb

	=yBNM

	-----END PGP SIGNATURE-----

	_______________________________________________

	stunnel-users mailing list

	stunnel-users at stunnel.org

	https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	

	 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150710/2d43b13b/attachment.html>


More information about the stunnel-users mailing list