One way to amplify dos of a server is to tie up the cpu doing ssl. I know it is too early for adding features to libressl but perhaps bearing it in mind (if it isn't already) would be of benefit in it's future development or make it clear if this should purely be an admins task with pf and process cpu monitoring etc..
-- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________
