since the last update (both courier-authlib and openssl) we're having some problems with the tls connections for imap and pop3. normally the users can connect without any problems to imap-ssl and pop3-ssl. sometimes there are some lonely errors in the logfile like below. but if i'm emerging some updates no user can get connected to those anymore (imap and pop3 non ssl still work well) and the logs get filled with the errors below:
---
Mar 7 15:04:30 server1 pop3d-ssl: couriertls: accept: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
Mar 7 15:04:31 server1 pop3d-ssl: couriertls: accept: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
Mar 7 15:05:53 server1 pop3d-ssl: couriertls: connect: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
---
and i'm not emerging something which would affect the running courier-imap. so as the errors appear sometimes, and while i'm emerging and therefore the server is under some load, i assume that there is maybe a problem with the tls while the host is under some load. well i don't really know why this should affect it, but this is currently the only explanation i have and i can reproduce it with every emerge i do.
ah btw this might be interesting information: i'm using a gentoo-hardened with selinux enabled, and if selinux is disabled this problem doesn't appear even under some load. so maybe it has some problems under selinux and some load.
do you receive any avc deny that would make selinux the culprit? and what does cat /proc/sys/kernel/random/entropy_avail return when you encounter that problem?
fixed it by uncommenting the don't audit of selinux, then saw that there was sometimes a problem accessing /dev/random. now recompiled it to use /dev/urandom (which should be enough for pop3s and imaps). anyway, about the question of entropy: always very deep: around 200 or so. looking for solutions to increase that. (not yet found)
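
Added example, not part of the thread: a small Python check that does the two things asked for above, scanning audit log text for SELinux AVC denials where couriertls is refused access to a random device, and reading the kernel's entropy estimate. The sample audit lines and the SELinux type names in them are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample audit lines (not from the thread); the SELinux type
# names are assumptions and will differ between policies.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1173276270.101:51): avc:  denied  { read } for  pid=4121 comm="couriertls" name="random" dev=tmpfs ino=2011 scontext=system_u:system_r:courier_pop_t tcontext=system_u:object_r:random_device_t tclass=chr_file
type=AVC msg=audit(1173276271.330:52): avc:  denied  { getattr } for  pid=4200 comm="emerge" name="portage" dev=sda3 ino=771 scontext=root:sysadm_r:portage_t tcontext=system_u:object_r:var_t tclass=dir
type=AVC msg=audit(1173276353.008:53): avc:  granted  { read } for  pid=4300 comm="couriertls" name="urandom" dev=tmpfs ino=2012 scontext=system_u:system_r:courier_pop_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
"""

HEAD = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if not AVC."""
    m = HEAD.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(line[m.end():])}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    return rec

def rng_denials(text, comm="couriertls"):
    """Denials where `comm` was refused access to /dev/random or /dev/urandom.
    An empty result does not clear SELinux: dontaudit rules can hide the
    denial, which is what happened in this thread."""
    hits = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if (rec and rec["result"] == "denied" and rec.get("comm") == comm
                and rec.get("tclass") == "chr_file"
                and rec.get("name") in ("random", "urandom")):
            hits.append(rec)
    return hits

def entropy_avail(path="/proc/sys/kernel/random/entropy_avail"):
    """Kernel entropy estimate in bits, or None if it cannot be read."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    for rec in rng_denials(SAMPLE_AUDIT):
        print(rec["comm"], rec["perms"], rec["name"], rec["scontext"], "->", rec["tcontext"])
    print("entropy_avail:", entropy_avail())
```

On a live host, pass the contents of the audit log to `rng_denials` instead of `SAMPLE_AUDIT`, and sample `entropy_avail()` while the load that triggers the errors is running.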