> On Mon, Apr 28, 2014 at 11:07 AM, Michal Trojnara <[email protected]> wrote:
>> On 2014-04-26 19:38, Frank Liu wrote:
>> I am trying to use stunnel to add ssl support to my app. My app and
>> linux server are tuned to accept 200k+ connections without a problem.
>> When adding stunnel on the same server, the connection stops when it
>> reaches 64k due to stunnel uses ephemeral ports to connect to my app
>> on the localhost.
>
> Could you please share your configuration file, and the versions of
> stunnel and Linux kernel? Maybe I can recommend an easier solution.
>
> Mike

Thanks Mike! Below is the information you requested.

Frank

chroot = /opt/stunnel/var/lib/stunnel/
setuid = appadm
setgid = appadm
pid = /stunnel.pid
cert = /opt/app/app.pem
key = /opt/app/app.key
options = NO_SSLv2
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[appssl-8889]
accept = 8889
connect = 127.0.0.1:8888

uname -a
Linux tiger 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

./stunnel -version
stunnel 5.01 on x86_64-unknown-linux-gnu platform
Compiled with OpenSSL 1.0.1c 10 May 2012
Running with OpenSSL 1.0.1 14 Mar 2012
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS

Global options:
debug = daemon.notice
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
