It seems I misremembered: post-STARTTLS renegotiation is not subjected
to anvil rate limits. I'd need to find the right OpenSSL callback
to hook into the server processing of client TLS HELLO requests and
turn them down if the rate is too high. This is not presently
implemented.
Maybe it would
Hello postfix-users,
While checking the SSL configuration of a Postfix server, I noticed that
so-called "Client-initiated secure renegotiation" is available in
Postfix by default.
You can verify it with the following openssl command, pressing "R" once the
connection is successfully established: