On Wed, 2016-01-27 at 23:29 +0200, Todor Petkov wrote: > > > > > You might have hit a nss-softokn - processor mismatch issue. Could > > you > > please try this workaround? > > > > We would like to know setting the following environment variable(s) > > changes the behavior. > > 1) > > Open /etc/sysconfig/dirsrv and add the following line: > > export NSS_DISABLE_HW_GCM=1 > > Restart the Directory Server. > > Does the LDAP/TLS request crash the server? > > 2) > > If the server still crashes, add another variable to > > /etc/sysconfig/dirsrv: > > export NSS_DISABLE_HW_AES=1 > > Restart the Directory Server. > > Does the LDAP/TLS request crash the server? > > > Hello, > the first variable is set. Unfortunately I can not reproduce the > request, since I do not know it;( > > Regards, It looks like it just a client connection that is using AES GCM, it hasn't got to process the ldap request yet. I think that the following should work: openssl s_client -connect LDAPHOSTNAME:636 -cipher ECDHE-RSA-AES256- GCM-SHA384 Should be able to reproduce it. Else, you can wait patiently for the crash to happen again. Perhaps try unsetting the variables Noriko mentioned, test that the openssl command does indeed cause a crash, then re-apply the environment variables to see if that prevents it? -- Sincerely, William Brown Software Engineer Red Hat, Brisbane
Attachment:
signature.asc
Description: This is a digitally signed message part
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
