Well, I found and fixed a number of problems: ldaps:// was catching SSL_Connect failure ldaps:// was not connecting on appropriate port SSL_connect was being called with SSL_VERIFY_PEER even when disabled Both ldaps:// and StartTLS appear to be working fine now for all devel client tools. StartTLS error handling/reporting is a bit odd. I may tune this later. Please test these changes so we can kick out a 2.0.1. Kurt