[stunnel-users] problem with buffering data on stunnel
wujot
wujot at home.pl
Fri Jul 10 20:17:24 CEST 2015
Hi Mike,
Thank you for your answer.
I've made many tests using those parameters you've suggested. It is very
good solution for decreasing buffer in Stunnel, but in my case it is not
enough. Encrypted session on path beetwen slow client in GPRS network and
Stunnel server is using TCPWindowSize on the level 5KB or less. But
unencrypted session on path between Stunnel server and hi-speed end server
(both in LAN) is using TcpWindowSize on level 64KB - 131KB (in Windows 2008
or newer it is calculated automatically). So I steel have at least 64KB
buffer in stunnel.
Is there any possibility to force stunnel to use on faster part of
connection (LAN side) the value of TcpWindowSize similar to calculated on
slower part (on WAN side)?
Best regards,
Adalbert
Dnia 2015-07-09 12:18 Michal Trojnara napisał(a):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Adalbert,
My guess would be:
socket = l:SO_RCVBUF=2048
socket = r:SO_SNDBUF=2048
Mike
On 09.07.2015 11:53, wujot wrote:
I have a problem with transmission from LAN server, which use
another server on LAN with running stunnel, to pass encrypted data
to remote SSL clients if they are on very slow GPRS network. If
server in LAN starts to transfer big amount of data to such slow
remote client, stunnel is buffering data and slowly transmits them
to the GPRS client. TCP Window on connection from LAN server to
stunnel is big (64 - 131kB), and TCP Window on connection from
stunnel to slow client is small (about 5kB). And additionally
stunnel is buffering data. So, server is finishing transmission in
seconds, but in fact most of data are still in buffers of stunnel.
And it makes a timeout problem (server is waiting for the
confirmation from client if it received all data, but time between
last byte sent from server and confirmation from client could be
even several minutes).
So, stunnel is working in "store and forward" model. Is it possible
to switch it to something like "cut through"? Or how to force
stunnel to more synchronized transmission between client and
server?
Regards,
Adalbert
_______________________________________________ stunnel-users
mailing list stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVnkpAAAoJEC78f/DUFuAU7YsP/1Ih 4CpKK0g uAZ hJxBrXl
1XzZ79hDQ1lE8ae/pWQu74Mddkx7ANw6g 1zO7FEHJKEtHv4hBcp0ez/FGF1pfPi
vIU43rQHP4W7cO4rOCYvg3DtzEe29l0jDsVBJhYiIy6AVk6xQxR8 1nO6W2kzEYh
jMxXqiDNgLu7tSRWEhZ3jdPuiKTLPd91K8618tFskxINLqD3km1Otg1wOkgQsM3W
PyZRhQD6eTVHgAmK5XkgxnGOGdY2FSSN35Ey28devaAgV8nnJF2r6OLqOOj8qirE
TaFok9v/vguWAuxjMbHPLSSDrHnBMBqpPrMSK02KdJa62pRdEJNbKme6V47L1tTG
vrK2hYErR6u6tsac/S/VJycQNfdqvKmxqYeuICJBaKxUW7hZlx6piCKkeC3v cf3
DMDpqBL3n8oQ98TAQMrTnkNt/bdXrdz0N/mTMY2dP8Qk8KzgiCxyKl4syIQmCVR
8ChNF/IAWB27Aq/ldmVM9Y3dOHpuVOSPgXjwSoY9xCyWQTLM/7gsWM5gjJuso9qk
6lh p 8QHSA/cHpMmpqh xyTR/pEfLnYOyg NmYzd468QMXuZ1SV1davrw5gQF9i
rNlLHL5PPCrY87SC g76v9meen9JwkBq76M43I21XhpfrC1fnDMxKPK4uVGeFlyt
bAKmIPiSw7FZhDOzFKfb
=yBNM
-----END PGP SIGNATURE-----
_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150710/2d43b13b/attachment.html>
More information about the stunnel-users
mailing list