[Dovecot] SSL renegotiation vulnerability

Steinar Bang sb at dod.no
Wed Oct 26 11:25:18 EEST 2011


>>>>> Timo Sirainen <tss at iki.fi>:

> I don't know if I'm doing something wrong, but I can't even cause a
> DoS. Even while all imap-login processes are eating 100% CPU (almost
> 500 handshakes/second), I can successfully log in with another client.

Are you using the tool linked to in the article, to stress the server?
  http://www.thc.org/thc-ssl-dos/




More information about the dovecot mailing list