Timo Sirainen tss@iki.fi:
Yes, SSL handshakes are extra. SSL supports some kind of quick renegotiation too, but Dovecot doesn't support that yet. No one's ever requested it.
Hum... this article (in Norwegian) http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere addresses the SSL renegotiation vulnerability, and how it can be used to DoS servers using SSL from a single machine with low bandwidth.
At the end, the article discusses how to turn off SSL renegotiation in different servers, and says that the author had been unable to find a setting for disabling SSL renegotiation in Dovecot (and if anyone knows how, please inform him).
Could the reason he hasn't found such a setting be that SSL renegotiation isn't supported at all in Dovecot...?
Thanks!
- Steinar