Dispatcher thread stuck in SSL Handshake, httpserver not anymore responsive #23

@viretp

We have the following problem: a security scan runs periodically (maybe once a week) on our end-points where httpserver is used. This security scan performs diverse checks during the SSL handshake; for this reason the SSL handshake duration is ca. 1 minute.
The httpserver does not respond to any request during this time because the HTTP-Dispatcher thread is blocked in the SSL Handshake.

This is a major problem:

  • our services experience relatively long downtimes each time this security scan is performed
  • an attacker could use this to perform a very simple DoS attack on the end-point and block it

The problem lies in the method robaho.net.httpserver.ServerImpl.Dispatcher#run: the SSL Handshake is performed within the HTTP-Dispatcher thread. We have checked the code but it's not straightforward how to solve this problem without deep knowledge of the dispatcher processing.
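
The general mitigation for the blocking described in this issue, as an added example that is neither the reporter's code nor robaho httpserver's: the accept thread only accepts, and each TLS handshake runs on a worker under a hard deadline. It uses JDK classes only; the class name, port, pool size and timeouts are assumptions.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.*;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added illustration using JDK APIs only; all names and values here are hypothetical.
public class HandshakeOffload {
    static final long HANDSHAKE_DEADLINE_MS = 10_000; // assumed budget for the whole handshake
    static final ScheduledExecutorService watchdog = Executors.newSingleThreadScheduledExecutor();
    static final ExecutorService workers = Executors.newFixedThreadPool(32); // assumed pool size
    static final byte[] RESPONSE = "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok"
            .getBytes(StandardCharsets.US_ASCII);

    // Accept loop: accept() on an SSLServerSocket returns before any TLS bytes
    // are exchanged, so this thread never waits on a peer's handshake.
    static void serve(ServerSocket listener) throws IOException {
        while (!listener.isClosed()) {
            SSLSocket tls = (SSLSocket) listener.accept();
            workers.execute(() -> handle(tls));
        }
    }

    static void handle(SSLSocket tls) {
        // The read timeout bounds each blocking read; the watchdog bounds the total
        // handshake time for a peer that keeps sending a few bytes at a time.
        ScheduledFuture<?> kill = watchdog.schedule(
                () -> { try { tls.close(); } catch (IOException ignored) { } },
                HANDSHAKE_DEADLINE_MS, TimeUnit.MILLISECONDS);
        try (tls) {
            tls.setSoTimeout((int) HANDSHAKE_DEADLINE_MS);
            try { tls.startHandshake(); } finally { kill.cancel(false); }
            tls.getInputStream().read();          // wait for the first request byte (parsing omitted)
            tls.getOutputStream().write(RESPONSE);
        } catch (IOException e) {
            System.err.println("connection dropped: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        // Key material comes from the standard javax.net.ssl.keyStore* system properties.
        try (ServerSocket listener =
                 SSLContext.getDefault().getServerSocketFactory().createServerSocket(8443)) {
            serve(listener);
        }
    }
}
```

A fixed pool still lets as many slow peers as there are workers hold every worker until the deadline, so the deadline and pool size together bound how long new connections can be delayed.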
