Thanks for the pointers (I have no idea why I failed to find the gnutls26 bug
yesterday when I looked).

bug 1533230 comment #12
(https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230/comments/12)
seems to be the same problem as I'm having.

Using the command:

gnutls-cli -p 636 ldaphost.domain.com --priority 'SECURE256:+SIGN-RSA-SHA224:+SIGN-DSA-SHA224'

works but

gnutls-cli -p 636 ldaphost.domain.com --priority 'SECURE256'

does not work and gives an error of

*** Fatal error: The signature algorithm is not supported.
*** Handshake has failed
GnuTLS error: The signature algorithm is not supported.

Our slapd.conf file contained a

TLSCipherSuite SECURE256:-VERS-SSL3.0

which I think explains where syncrepl fails but ldapsearch still works,
as it will use a SECURE128 cipher.

I don't understand why I now need to add specific signature algorithms
to the list, though.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1537762

Title:
  syncrepl does not work when using tls
