> On 07.03.2018 at 17:00, Andrew Nichols via Info-cyrus wrote:
>> Hello,
>>
>> We run a cyrus-imap 2.5.11 server under FreeBSD and we are experiencing
>> issues with TLS/STARTTLS negotiation failed entries in the log, which show
>> as timeouts on the client side. It's all different email clients and even
>> our monitoring experiencing these failures. Other TLS services (https
>> mostly) on the same server do not have these failures. There are also times
>> when these errors ramp up and happen to most TLS clients, which is only
>> solved by restarting cyrus. Has anyone else experienced these issues or
>> have any tips on where to look to figure out the root cause?
>
> Has your server enough entropy?
> Especially cloud servers with no physical ports can run low on entropy
> and the random number generator used for SSL/TLS stuff needs to wait
> until it is filled up again.
>
> To check the amount of bytes of entropy currently available, use
>
> cat /proc/sys/kernel/random/entropy_avail
>
> From https://serverfault.com/questions/214605/gpg-does-not-have-enough-entropy
>
That’s what I had thought at the start, but this is a physical server and /dev/random in FreeBSD is the same as /dev/urandom so it doesn’t block once seeded. Also, when this starts happening the other services on the machine that need entropy aren’t affected.

Andrew Nichols
Quadrant Newmedia
supp...@quadrant.net
306.664.9100