Is this assumption correct?
Tobi
tobster at brain-force.ch
Sat Mar 23 13:16:25 EET 2019
Hello list
we encounter a weird SSL issue with one of our dovecot (2.2.24 on
CentOS 6) which we can only explain if our assumption is correct :-)
Symptoms are that imaps connections (on port 993) suddenly get veeeery
slow. Up to 180s for one connection with openssl s_client. The thing we
do not understand is that at the same time imap connections with
starttls are just 1s.
We can see that entropy on the affected system is not so high
cat /proc/sys/kernel/random/entropy_avail
138
So our current theory is: we're running short of entropy but imaps
connections are much more affected because they are encrypted from first
bit. Whereas a starttls connection has an unencrypted part which
generates some entropy it does not use. So I can add entropy to the
system that other connections can use.
We're open to any other theory but for the moment we believe (tm) that
this is the reason that starttls is far less affected than SSL
Cheers
tobi
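
One way to put numbers on the theory in the message above, as an added example that is not part of the original post: run on the affected host, it times an implicit-TLS handshake on port 993 and a STARTTLS handshake while sampling entropy_avail before and after each. IMAP_HOST, port 143 for the STARTTLS case, and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): compare handshake duration for
# imaps and imap+STARTTLS and record the kernel entropy estimate around each.
# ENTROPY_FILE can be overridden; IMAP_HOST is a placeholder set by the caller.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current entropy estimate, or "n/a" if the file cannot be read.
entropy_now() {
    if [ -r "$ENTROPY_FILE" ]; then
        cat "$ENTROPY_FILE"
    else
        echo "n/a"
    fi
}

# probe LABEL CMD [ARGS...]: run CMD with stdin closed and print one line with
# the entropy estimate before and after, wall-clock seconds and exit status.
probe() {
    label=$1; shift
    before=$(entropy_now)
    start=$(date +%s)
    rc=0
    "$@" </dev/null >/dev/null 2>&1 || rc=$?
    end=$(date +%s)
    after=$(entropy_now)
    echo "$label before=$before after=$after seconds=$((end - start)) rc=$rc"
}

# Implicit TLS: the handshake starts with the first byte on port 993.
imaps_handshake() { openssl s_client -connect "$1:993"; }

# STARTTLS: plaintext greeting and STARTTLS command first, then the handshake.
# Port 143 is an assumption; adjust to the listener actually in use.
starttls_handshake() { openssl s_client -starttls imap -connect "$1:143"; }

# Only touches the network when IMAP_HOST is set, e.g. IMAP_HOST=localhost.
if [ -n "${IMAP_HOST:-}" ]; then
    for i in 1 2 3; do
        probe imaps    imaps_handshake    "$IMAP_HOST"
        probe starttls starttls_handshake "$IMAP_HOST"
    done
fi
```

Timing uses whole seconds, which is enough to separate a 1s handshake from a 180s one; alternating the two probes keeps them under the same entropy conditions.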