-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abdelkader Chelouah wrote:
Indeed, I'm using
/configure --build="x86_64-unknown-linux-gnu" \ --prefix=${STUNNEL_DIR} \ --mandir="${STUNNEL_DIR}/man" \ --docdir="${STUNNEL_DIR}/doc" \ --enable-ipv6 \ --disable-libwrap \ --disable-fips \ --with-threads=fork \ --with-ssl=${OPENSSL_DIR} \ --enable-shared \ --disable-static
As far as concerns the threading model, several linux distributions use the fork model.
Most likely it's because their package maintainers were not clever enough to ask the upstream maintainer (myself) for an advice.
This blog post is full of logical fallacies. Its reasoning can be best described as magical thinking: http://en.wikipedia.org/wiki/Magical_thinking Using the fork model slows stunnel down *a lot*, as it makes stunnel renegotiate the SSL/TLS keys on each subsequent connection.
seems to conclude the same way. Actually, I'am not really sure about the best threading model under RH Linux. Maybe, can you give some advices.
Let me give you a hint: the default threading model is "PTHREAD". BTW: Despite exaggerated claims and extremely limited functionality, stud is actually *slower* than stunnel: http://vincent.bernat.im/en/blog/2011-ssl-benchmark-round2.html Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlQ6l8IACgkQ/NU+nXTHMtFG2QCeN0xd7yS7mSEdPROqgi23Vwud xhUAn1VqZrd7eMUoPiCR972DFjMm4WUg =E9S0 -----END PGP SIGNATURE-----