Option to disable client-initiated renegotiation

Serg me at at.encryp.ch
Mon Mar 13 13:24:58 UTC 2023

Hello, is there any way to disallow client-initiated renegotiation at 
the dovecot? I haven't found any mention of this feature within source 
code as well as at the documentation.

I am asking about it because without this feature mail server is 
vulnerable to a TLS renegotiation DoS attack which can consume a lot of 
CPU and is harder to combat comparing to a basic TLS connections flood.

More information about the dovecot mailing list