Browse files

EA-1110/CI-18: reduce stunnel TIMEOUTclose setting for mis-behaved cl…


The fix was for CA-59191, written by Jonathan Davies.

The TIMEOUTclose was introduced to cope with mis-behaved SSL client such as MS IE etc (python XMLRPC/SSL seems to have similar issue) in that they do not send out close_notify before dropping the the connection. In such case, stunnel will do a polling of TIMEOUTclose before timing out the connection. That's the 5 seconds we observed here (The python client probably does some shutdown and then wait for close sort of thing, hence the delay, I don't have the time to verify). There are pitfalls however .... more in the ticket comments.

Signed-off-by: Jonathan Davies <>
Acked-by: Zheng Li <>
  • Loading branch information...
zli committed Nov 21, 2011
1 parent 419d9d5 commit 384d00b867211712bd4f3b877bae9951c13a50e3
Showing with 1 addition and 1 deletion.
  1. +1 −1 scripts/init.d-xapissl
@@ -71,7 +71,7 @@ accept = ${MGMT_IP}:443
connect = 80
cert = ${PEMFILE}
TIMEOUTclose = 5
TIMEOUTclose = 0

0 comments on commit 384d00b

Please sign in to comment.