On 1/26/2017 7:59 PM, John McKee wrote: > We had to update our server from CentOS 6.7 to CentOS 6.8 due to security > compliance. When doing so however, it caused 389 to be unstable for TLS/SSL > port 636. It would be up for a minute or two, then fail with the following > error when a server/script tried to connect. Non-TLS/SSL port 389 would work > fine without any issues/errors. Before we patched, it would work without > issues. Connection to port shows no issue with certificate. > <cut>
Hello, I had similar problem one year ago (the thread is here https://lists.fedoraproject.org/archives/list/[email protected]/thread/GHO5ZOM5IGYN33XKI2IZ643DRJTCA66U/#SSGF6OH5ICOASJHOPOCDOP2AGFHLXQ3A ) Can you try this: In order to verify if cause is the same, run this command to see if the daemon crashes: openssl s_client -connect LDAPHOSTNAME:636 -cipher ECDHE-RSA-AES256-GCM-SHA384 If it crashes, put this line in /etc/sysconfig/dirsrv export NSS_DISABLE_HW_GCM=1 After this restart the service and see if it will crash again by openssl client Hope this helps, _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
