> Am 07.03.2018 um 17:00 schrieb Andrew Nichols via Info-cyrus:
>> Hello,
>> We run a cyrus-imap 2.5.11 server under FreeBSD and we are experiencing 
>> issues with TLS/STARTTLS negotiation failed entries in the log, which show 
>> as timeouts on the client side.   It?s all different email clients and even 
>> our monitoring experiencing these failures.  Other TLS services (https 
>> mostly) on the same server do not have these failures.  There are also times 
>> when these errors ramp up and happen to most TLS clients, which is only 
>> solved by restarting cyrus.    Has anyone else experiences these issues or 
>> have any tips on where to look to figure out the root cause?
> Has your server enough entropy?
> Specially cloud servers with no physical ports can run low on entropy 
> and the random number generator used for SSL/TLS stuff needs to way 
> until it is filled up again.
> To check the amount of bytes of entropy currently available, use
> |cat /proc/sys/kernel/random/entropy_avail From 
> https://serverfault.com/questions/214605/gpg-does-not-have-enough-entropy|

That’s what I had though at the start, but this is a physical server and 
/dev/random in FreeBSD is the same as /dev/urandom so it doesn’t block once 
seeded.  Also, when this starts happening the other services on the machine 
that need entropy aren’t affected.

Andrew Nichols
Quadrant Newmedia

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:

Reply via email to