Is this assumption correct?

Tobi tobisworld at gmail.com
Sat Mar 23 13:39:13 EET 2019


Hello list

We encounter a weird SSL issue with one of our dovecot (2.2.24 on
Centos6) which we can only explain if our assumption is correct.
Symptoms are that imaps connections (on port 993) suddenly get veeeery
slow. Up to 180s for one connection with openssl s_client. The thing we
do not understand is that at the same time imap connections with
starttls are just 1s.
We can see that entropy on the affected system is not so high:

cat /proc/sys/kernel/random/entropy_avail
138

So our current theory is: we're running short of entropy but imaps
connections are much more affected because they are encrypted from first
bit. Whereas a starttls connection has an unencrypted part which
generates some entropy it does not use. So I can add entropy to the
system that other connections can use.

We're open to any other theory but for the moment we believe (tm) that
this is the reason that starttls is far less affected than SSL.

Cheers

tobi

