Opened 18 years ago
Closed 18 years ago
#1826 closed defect (fixed)
Stunnel swat configuration very slow
Reported by: | Owned by: | Randy McMurchy | |
---|---|---|---|
Priority: | normal | Milestone: | 6.2.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | samba swat stunnel |
Cc: |
Description
Hello,
using BLFS svn-20060227
The default configuration of the stunnel samba/swat service result in a very slow access (about 30s) when using a https connection (I only test the case with firefox 1.5)in 2 case :
- Between the login and the main swat page
- When a documentation page is started
It seems that swat disconnect very quickly after sending data and so close the stunnel local socket but stunnel leave the remote socket alive for a long time after the event. The browser use the remote stunnel socket to send request but will never receive answer from this "connect to nothing" socket. it will only start to create a new connection (launch again swat by using inetd) when the remote socket is finnaly closed by itself (boring to wait).
I resolve the draw by setting "TIMEOUTclose = 1" (close the remote socket 1 seconde after the local one) in the swat service section of stunnel.conf It's write in the stunnel man page that by default this value is set to 0 (stunnel never close by itself the remote socket ?) because of a "buggy Microsoft IE".
Change History (4)
comment:1 by , 18 years ago
Owner: | changed from | to
---|
comment:2 by , 18 years ago
Status: | new → assigned |
---|
comment:3 by , 18 years ago
Milestone: | 6.1 → 6.2 |
---|
comment:4 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Tested the "TIMEOUTclose = 1" parameter in the stunnel.conf file accessing SWAT over SSL and it works like a charm. My testing included two installations of SWAT (Samba), and 4 different browsers on 3 different platforms.
Updated the SWAT configuration on the Samba page to reflect the change.
The change will be committed with the Samba-3.0.22 update just as soon as Belgarath's SSH problem is resolved.
Very cool. This has bothered me for a *long* time. Thanks for the report and the fix.