I went from a nightly of about 20051117 or so (about alpha4 generation) to 1.0beta1 yesterday, and dovecot is now spinning the CPU furiously apparently every ~10 minutes per:
Jan 18 13:04:36 server dovecot: SSL parameters regeneration completed Jan 18 13:14:14 server dovecot: SSL parameters regeneration completed Jan 18 13:24:00 server dovecot: SSL parameters regeneration completed Jan 18 13:37:09 server dovecot: SSL parameters regeneration completed Jan 18 13:44:21 server dovecot: SSL parameters regeneration completed Jan 18 13:54:37 server dovecot: SSL parameters regeneration completed Jan 18 14:04:03 server dovecot: SSL parameters regeneration completed Jan 18 14:14:58 server dovecot: SSL parameters regeneration completed Jan 18 14:24:03 server dovecot: SSL parameters regeneration completed Jan 18 14:34:18 server dovecot: SSL parameters regeneration completed Jan 18 14:44:11 server dovecot: SSL parameters regeneration completed Jan 18 14:53:44 server dovecot: SSL parameters regeneration completed Jan 18 15:04:16 server dovecot: SSL parameters regeneration completed Jan 18 15:13:59 server dovecot: SSL parameters regeneration completed Jan 18 15:25:22 server dovecot: SSL parameters regeneration completed Jan 18 15:33:58 server dovecot: SSL parameters regeneration completed Jan 18 15:44:03 server dovecot: SSL parameters regeneration completed Jan 18 15:54:13 server dovecot: SSL parameters regeneration completed
Note that this is not the DH parameter generation; that completed on the first run, as documented.
This is impacting other processes on the machine, and it seems a bit of a radical change. Is the internal default meant to be this short...? I'm going to attempt to set "ssl_parameters_regenerate" explicitly, but I'd like to stick with builtin defaults wherever possible.
(Perhaps this regeneration could also be made a little friendlier on the machine, by forking and using setpriority() to lower the CPU demand of this work from the default nice level of the main daemon.)
-- -- Todd Vierling tv@duh.org tv@pobox.com todd@vierling.name