Re: Disable SSL/TLS renegotiation

2018-07-11 Thread viktor . schneider
It seems I misremembered, post-STARTTLS renegotiation is not subjected to anvil rate limits. I'd need to find the right OpenSSL callback to hook into the server processing of client TLS HELLO requests and turn them down if the rate is too high. This is not presently implemented. Maybe it would

Re: Disable SSL/TLS renegotiation

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 10:04:30AM -0400, Viktor Dukhovni wrote: > On Wed, Jul 11, 2018 at 03:27:05PM +0200, Viktor Schneider wrote: > > > While checking the SSL configuration of a Postfix server, I noticed that > > so-called "Client-initiated secure renegotiation" is available at > > Postfix b

Re: Disable SSL/TLS renegotiation

2018-07-11 Thread Viktor Dukhovni
On Wed, Jul 11, 2018 at 03:27:05PM +0200, Viktor Schneider wrote: > While checking the SSL configuration of a Postfix server, I noticed that > so-called "Client-initiated secure renegotiation" is available at > Postfix by default. > You can verify it with following openssl command and press "R"

Disable SSL/TLS renegotiation

2018-07-11 Thread Viktor Schneider
Hello postfix-users, While checking the SSL configuration of a Postfix server, I noticed that so-called "Client-initiated secure renegotiation" is available at Postfix by default. You can verify it with following openssl command and press "R" once the connection is successfully established: