On 1/26/2017 7:59 PM, John McKee wrote:
We had to update our server from CentOS 6.7 to CentOS 6.8 due to security compliance. When doing so, however, it caused 389 to be unstable for TLS/SSL port 636. It would be up for a minute or two, then fail with the following error when a server/script tried to connect. Non-TLS/SSL port 389 would work fine without any issues/errors. Before we patched, it would work without issues. Connection to port shows no issue with certificate.
<cut>
Hello,
I had a similar problem one year ago (the thread is here: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... )
Can you try this:
In order to verify if the cause is the same, run this command to see if the daemon crashes:
openssl s_client -connect LDAPHOSTNAME:636 -cipher ECDHE-RSA-AES256-GCM-SHA384
If it crashes, put this line in /etc/sysconfig/dirsrv:
export NSS_DISABLE_HW_GCM=1
After this, restart the service and see if it crashes again with the openssl client.
Hope this helps,