Hi Thomas, there was no issue regarding maxSSLRenegotiations since the update and no user reported any problems. In my opinion this ticket is resolved. Thank you very much for your effort. Marcel
I installed the new build and set maxSSLRenegotiations back to 10. Will monitor the behaviour and report back again. Thank you very much. Marcel
After enabling assp on all listenports, some of the users had issues with maxSSLRenegotiations, while they never had any issues communicating directly with exim. Setting the parameter to 10 or 20 was not enough. I disabled that feature and so far it is running very stable with acceptable memory consumption. Marcel
Hi Thomas, I modified those 2 lines and installed your patched version. SMTP connections while SNI is enabled are way faster than before (<1s vs 2-3s). Memory usage is now a bit higher than without SNI (expected) but not as excessive as before: ~650 MB after multiple connection-tests and not visibly increasing with each request like before. So far it looks like your modifications solved the leak. I will leave SNI enabled, monitor the situation over the next few days and report back again. Thank you...
    # ls -la /var/cpanel/ssl/domain_tls/*/combined | wc -l
    186
    # du -hc /var/cpanel/ssl/domain_tls/*/combined
    1.5M total
testing/faking connections with
    # echo | openssl s_client -connect ${hostname}:25 -servername ${hostname} -starttls smtp | openssl x509 -noout -dates
Without SNI, following lines commented out in configWebSMTP:
    #$parms->{SSL_cert_file}{$domain} = $cert;
    #$parms->{SSL_key_file}{$domain} = $cert;
memory after startup: 484 MB
memory after 5 TLS connections: 500 M
With SNI (all 186 certificates)::...
Unfortunately I still see the same behaviour after enabling multiple certificates
Hi Thomas, Sorry, I am using
    perl v5.20.3 x86_64-linux-thread-multi
    IO::Socket::SSL 2.052
    Net::SSLeay 1.82
    OpenSSL-lib 1.0.2k-fips 26 Jan 2017
    ASSP version 2.5.6 Fortress build 17281
The function I was trying to use with letsencrypt certificates:
    sub configWebSMTP {
        my $parms = shift;
        my $listenerName = &main::getSMTPListenerConfigName($parms->{LocalAddr},$parms->{LocalPort});
        # returns listenPort , listenPort2 , listenPortSSL , relayPort or undef - may be used to implement different parameter settings...