Sensible size limit for stored SSL sessions?

Victor Duchovni

We are contemplating setting a size limit on the sessions that Postfix
will commit to external storage; this should be large enough to hold all
reasonable server certificate chains, and yet not so large as to easily
allow bad servers to exhaust system storage with huge session objects.

Are there any guidelines on how much space one should be willing to
allocate for an SSL_SESSION (serialized size) before one considers
the peer that creates a session that large to be an attacker...

FWIW, the largest session in my session cache now is 2198 bytes.
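As an added illustration of the limit the question is about (not code from the post or from Postfix), here is a C sketch that checks a serialized session blob (the output of i2d_SSL_SESSION is a DER SEQUENCE) against a per-session cap and a total store budget before committing it to external storage. The cap and budget values are assumptions; the blob check only inspects the outer DER header, which is enough to reject blobs whose declared length does not match their actual size.

```c
#include <stddef.h>
#include <string.h>

/* Assumed policy values, not taken from the post: per-session cap and
   total byte budget for the external store. */
#define MAX_SESSION_BYTES   8192u
#define CACHE_BUDGET_BYTES  (4u * 1024u * 1024u)

/* Parse the outer DER header of a serialized session (i2d_SSL_SESSION emits a
   SEQUENCE). Returns the total encoded length, or 0 if the header is malformed. */
static size_t der_sequence_len(const unsigned char *b, size_t n)
{
    if (n < 2 || b[0] != 0x30)
        return 0;
    if (b[1] < 0x80)                       /* short form: one length byte */
        return 2 + (size_t)b[1];
    size_t nb = b[1] & 0x7f;               /* long form: nb length bytes follow */
    if (nb == 0 || nb > sizeof(size_t) || n < 2 + nb)
        return 0;
    size_t len = 0;
    for (size_t i = 0; i < nb; i++)
        len = (len << 8) | b[2 + i];
    return 2 + nb + len;
}

/* Accept a blob only if it is within the cap and its DER header agrees with its size. */
int session_blob_acceptable(const unsigned char *blob, size_t n, size_t cap)
{
    if (n == 0 || n > cap)
        return 0;
    return der_sequence_len(blob, n) == n;
}

/* Minimal external-store front end: refuses a session that would push the
   store past its byte budget, so many "large but legal" sessions cannot fill it. */
struct session_store { size_t used; size_t budget; };

int store_put(struct session_store *s, const unsigned char *blob, size_t n)
{
    if (!session_blob_acceptable(blob, n, MAX_SESSION_BYTES))
        return 0;
    if (s->used + n > s->budget)
        return 0;
    s->used += n;                          /* a real store would write the blob here */
    return 1;
}
```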

