[Dovecot] Major CPU spike for SSL parameters?

18 Jan 2006


      I went from a nightly of about 20051117 or so (about alpha4 generation) to
1.0beta1 yesterday, and dovecot is now spinning the CPU furiously apparently
every ~10 minutes per:
Jan 18 13:04:36 server dovecot: SSL parameters regeneration completed
Jan 18 13:14:14 server dovecot: SSL parameters regeneration completed
Jan 18 13:24:00 server dovecot: SSL parameters regeneration completed
Jan 18 13:37:09 server dovecot: SSL parameters regeneration completed
Jan 18 13:44:21 server dovecot: SSL parameters regeneration completed
Jan 18 13:54:37 server dovecot: SSL parameters regeneration completed
Jan 18 14:04:03 server dovecot: SSL parameters regeneration completed
Jan 18 14:14:58 server dovecot: SSL parameters regeneration completed
Jan 18 14:24:03 server dovecot: SSL parameters regeneration completed
Jan 18 14:34:18 server dovecot: SSL parameters regeneration completed
Jan 18 14:44:11 server dovecot: SSL parameters regeneration completed
Jan 18 14:53:44 server dovecot: SSL parameters regeneration completed
Jan 18 15:04:16 server dovecot: SSL parameters regeneration completed
Jan 18 15:13:59 server dovecot: SSL parameters regeneration completed
Jan 18 15:25:22 server dovecot: SSL parameters regeneration completed
Jan 18 15:33:58 server dovecot: SSL parameters regeneration completed
Jan 18 15:44:03 server dovecot: SSL parameters regeneration completed
Jan 18 15:54:13 server dovecot: SSL parameters regeneration completed
Note that this is not the DH parameter generation; that completed on the
first run, as documented.
This is impacting other processes on the machine, and it seems a bit of a
radical change.  Is the internal default meant to be this short...?  I'm
going to attempt to set "ssl_parameters_regenerate" explicitly, but I'd like
to stick with builtin defaults wherever possible.
(Perhaps this regeneration could also be made a little friendlier on the
machine, by forking and using setpriority() to lower the CPU demand of this
work from the default nice level of the main daemon.)
--
-- Todd Vierling tv@duh.org tv@pobox.com todd@vierling.name

Todd Vierling

Todd Vierling

Todd Vierling

Timo Sirainen

Todd Vierling

Hauke Fath

tags

participants (3)