On 1/26/2017 7:59 PM, John McKee wrote: > We had to update our server from CentOS 6.7 to CentOS 6.8 due to security compliance. When doing so however, it caused 389 to be unstable for TLS/SSL port 636. It would be up for a minute or two, then fail with the following error when a server/script tried to connect. Non-TLS/SSL port 389 would work fine without any issues/errors. Before we patched, it would work without issues. Connection to port shows no issue with certificate. > <cut> Hello, I had similar problem one year ago (the thread is here https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/thread/GHO5ZOM5IGYN33XKI2IZ643DRJTCA66U/#SSGF6OH5ICOASJHOPOCDOP2AGFHLXQ3A ) Can you try this: In order to verify if cause is the same, run this command to see if the daemon crashes: openssl s_client -connect LDAPHOSTNAME:636 -cipher ECDHE-RSA-AES256-GCM-SHA384 If it crashes, put this line in /etc/sysconfig/dirsrv export NSS_DISABLE_HW_GCM=1 After this restart the service and see if it will crash again by openssl client Hope this helps, _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
