Re: SSL best option for new deployments

From: Brane F. Gračnar <>
Date: Tue, 13 Dec 2011 23:20:48 +0100

On 12/13/2011 10:43 PM, David Prothero wrote:
> I've been using stunnel with the X-Forwarded-For patch. Is stud preferable to stunnel for some reason?

Stunnel usually uses thread-per-connection architecture - as you probably know this programming model has serious scaling issues. Stud is single-threaded and runs as single-master/multiple-workers process, meaning that it can efficiently utilize power of multi-core cpus without context-switching overheaded resulting from hundreds (possibly thousands) of threads competing for cpu time slice.

Stud is implemented on top of libev, one of the most efficient event loops available.

It also uses much less memory than stunnel (openssl >= 1.x.x).

Best regards, Brane Received on 2011/12/13 23:20

This archive was generated by hypermail 2.2.0 : 2011/12/13 23:30 CET