Hello list
We encounter a weird SSL issue with one of our dovecot (2.2.24 on CentOS 6) which we can only explain if our assumption is correct :-) Symptoms are that imaps connections (on port 993) suddenly get veeeery slow. Up to 180s for one connection with openssl s_client. The thing we do not understand is that at the same time imap connections with starttls are just 1s. We can see that entropy on the affected system is not so high:

cat /proc/sys/kernel/random/entropy_avail
138

So our current theory is: we're running short of entropy but imaps connections are much more affected because they are encrypted from first bit. Whereas a starttls connection has an unencrypted part which generates some entropy it does not use. So I can add entropy to the system that other connections can use.
We're open to any other theory but for the moment we believe (tm) that this is the reason that starttls is far less affected than SSL.
Cheers
tobi
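
An added diagnostic sketch, not part of the original post: it samples the entropy estimate right before timing one implicit-TLS and one STARTTLS handshake, so the two can be compared side by side. It assumes it runs on the Dovecot host itself, that STARTTLS is offered on port 143, and the host argument is whatever name the server answers on.

```shell
#!/bin/sh
# Added example: correlate entropy_avail with imaps vs. STARTTLS handshake time.
# Assumptions: openssl is installed; implicit TLS on 993, STARTTLS on 143.

ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}

# Print the kernel's current entropy estimate from file $1, or "n/a".
entropy_avail() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'n/a'
    fi
}

# Time one handshake in whole seconds.
# $1 = host, $2 = port, $3 = "starttls" or anything else for implicit TLS.
# stdin is /dev/null so s_client exits as soon as the handshake is done.
handshake_secs() {
    start=$(date +%s)
    if [ "$3" = "starttls" ]; then
        openssl s_client -starttls imap -connect "$1:$2" </dev/null >/dev/null 2>&1
    else
        openssl s_client -connect "$1:$2" </dev/null >/dev/null 2>&1
    fi
    rc=$?
    end=$(date +%s)
    # Flag a non-zero exit so a refused connection is not read as "fast".
    if [ "$rc" -ne 0 ]; then
        echo "$((end - start))(rc=$rc)"
    else
        echo "$((end - start))"
    fi
}

# $1 = host, $2 = number of rounds; prints one tab-separated row per round.
sample() {
    printf '%s\t%s\t%s\t%s\n' time entropy imaps_s starttls_s
    i=0
    while [ "$i" -lt "$2" ]; do
        e=$(entropy_avail "$ENTROPY_FILE")
        a=$(handshake_secs "$1" 993 implicit)
        b=$(handshake_secs "$1" 143 starttls)
        printf '%s\t%s\t%s\t%s\n' "$(date +%T)" "$e" "$a" "$b"
        i=$((i + 1))
    done
}

# Runs only when a host is given, e.g.: sh entropy_tls.sh localhost 10
if [ "$#" -ge 1 ]; then sample "$1" "${2:-5}"; fi
```

If the slow imaps rows do not line up with low entropy readings, the entropy theory does not explain the difference and the delay has to be looked for elsewhere.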