On 25.10.2011, at 21.51, Timo Sirainen wrote:

> On 25.10.2011, at 21.13, Timo Sirainen wrote:
> 
>>> Could the reason he hasn't found such a setting be that SSL renegotiate
>>> isn't supported at all in dovecot...?
>> 
>> Looking at the OpenSSL code, I don't see any way to disable it. Or possibly 
>> with some undocumented kludgy way, but I don't really know enough about 
>> OpenSSL to implement it.
> 
> Actually, the attached patch works for v2.0. I'm not really sure yet if I 
> should add a setting for it, force it always or just wait for SSL people to 
> figure out something else. I think I'll do the last option for now.
> 
> In any case, I noticed there was some memory "leaking" when doing SSL 
> renegotiation and that definitely needs to be fixed: 
> http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570

I don't know if I'm doing something wrong, but I can't even cause a DoS. Even 
while all imap-login processes are eating 100% CPU (almost 500 
handshakes/second), I can successfully log in with another client.
