Hello, is there any way to disallow client-initiated renegotiation at the dovecot? I haven't found any mention of this feature within source code as well as at the documentation.

I am asking about it because without this feature mail server is vulnerable to a TLS renegotiation DoS attack which can consume a lot of CPU and is harder to combat comparing to a basic TLS connections flood.

Reply via email to