Problem with TLS and multiple servers in URI


I have been using OpenLDAP with TLS for quite some time now, and now I needed to add a backup server. Replication works fine.
TLS also works, but only if I have only one server in the URI in ldap.conf.
If I add the backup server to the URI, TLS stops working. The client can now reach both servers, but TLS always fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure.

From what I can see, slapd stops negotiating TLS when more than one server is specified in ldap.conf. If I start slapd when there is only one server specified in ldap.conf, and then add the second server when slapd is running, TLS suddenly works, and the client can reach both servers!

/Johan Andersson