http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html -> "Things
get worse" shows that it's easier to DoS the server with multiple
connections than with renegotiations, so I don't know if there's much
point in disabling renegotiations. Perhaps Dovecot could allow e.g. one
renegotiation per minute, but is that really worth the trouble?..
Perhaps there even are some clients that do renegotiations and Dovecot
would break them.


