Slurp SSL replication
Hi,
I'm trying to set up slurp replication, which is something I haven't
done before. I have it working fine over port 389 with plaintext, but
for obvious security reasons I would like to have that traffic
encrypted. I'm using openldap 2.0.27, which I'm told doesn't support
the replica uri=ldaps://host.domain.tld/ syntax, so my master slapd.conf
looks like this:
replica host=x.ammasso.com:636 tls=yes
bindmethod=simple credentials=secret
binddn="cn=x,o=Ammasso,c=US"
Again, this works fine if I do it over port 389, but with the above
config it fails. The debug output on the slave looks like this:
daemon: new connection on 8
daemon: conn=264 fd=8 connection from IP=x.x.x.x:40468 (IP=0.0.0.0:636)
accepted.
daemon: added 8r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=264
connection_read(8): checking for input on id=264
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 30 1d 02 01 01 77 18 80 16 31 2e 0....w...1.
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:585
connection_read(8): TLS accept error error=-1 id=264, closing
connection_closing: readying conn=264 sd=8 for close
connection_close: conn=264 sd=8
daemon: removing 8
(Some irrelevant items have been x'ed out for the sake of privacy.)
What's with the TLS error? I'm sure the certificates are fine because
I'm able to query with ldaps to both servers.
Thanks,
Mike Nuss
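The 11 bytes slapd logged in the `tls_read` line above are the whole diagnosis, so here is an added example (not part of the original post, and not OpenLDAP code) that decodes them. OpenSSL's "SSL23_GET_CLIENT_HELLO:unknown protocol" means the very first bytes on the socket were neither a TLS record (0x16 0x03 ...) nor an SSLv2 hello; 0x30 is the BER SEQUENCE tag that starts every cleartext LDAPMessage. The function below classifies the first bytes a TLS-only listener received and, for an LDAP PDU, partially decodes it. The trace line is copied from the post; the short TLS and SSLv2 prefixes are constructed for contrast. Treat the StartTLS conclusion as an inference: only "1." of the requestName survives in the trace, but its declared length (22) is exactly that of the StartTLS OID 1.3.6.1.4.1.1466.20037, which is what a client sends when it negotiates TLS on a plain port instead of opening a TLS handshake on an ldaps port (the behaviour the `tls=yes` replica option requests in OpenLDAP 2.0, per slapd.conf(5); confirm against the 2.0.27 manual).

```python
"""Classify the first bytes a TLS listener received, as shown in slapd's
`tls_read` hex dump, to tell a real TLS ClientHello from a cleartext LDAP PDU.
Added example; not code from the original post or from OpenLDAP."""

import re

# Copied verbatim from the slapd -d trace in the post (want=11, got=11).
TRACE_LINE = "0000: 30 1d 02 01 01 77 18 80 16 31 2e 0....w...1."

# Constructed prefixes for contrast: a TLS 1.0 handshake record and an SSLv2 hello.
TLS_RECORD_PREFIX = bytes.fromhex("16030100c40100")
SSLV2_HELLO_PREFIX = bytes.fromhex("802e010002")

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 2830 / RFC 4511)

# LDAPv3 protocolOp APPLICATION tags (RFC 4511, section 4.1.1).
LDAP_OPS = {
    0: "BindRequest", 1: "BindResponse", 2: "UnbindRequest", 3: "SearchRequest",
    4: "SearchResultEntry", 5: "SearchResultDone", 6: "ModifyRequest", 7: "ModifyResponse",
    8: "AddRequest", 9: "AddResponse", 10: "DelRequest", 11: "DelResponse",
    12: "ModifyDNRequest", 13: "ModifyDNResponse", 14: "CompareRequest", 15: "CompareResponse",
    16: "AbandonRequest", 19: "SearchResultReference", 23: "ExtendedRequest", 24: "ExtendedResponse",
}


def parse_hexdump_line(line):
    """Turn one slapd/OpenSSL hex-dump line ('0000: 30 1d ... ascii') into bytes.
    Hex pairs end at the first token that is not two hex digits (the ASCII gutter)."""
    body = line.split(":", 1)[1] if ":" in line else line
    pairs = []
    for tok in body.split():
        if re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            pairs.append(tok)
        else:
            break
    return bytes.fromhex("".join(pairs))


def _ber_len(buf, pos):
    """Decode a BER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if len(buf) < pos + 1 + n:
        raise ValueError("truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify_first_bytes(buf):
    """Describe what the peer sent first on a port where the server expects TLS."""
    if not buf:
        return {"kind": "empty"}
    b0 = buf[0]
    if b0 == 0x16 and len(buf) >= 3 and buf[1] == 0x03:
        # TLS record layer: type 22 (handshake), version 3.x
        return {"kind": "tls_handshake_record", "version": f"{buf[1]}.{buf[2]}"}
    if b0 & 0x80 and len(buf) >= 3 and buf[2] == 0x01:
        # SSLv2 two-byte length header followed by MSG-CLIENT-HELLO (1)
        return {"kind": "sslv2_client_hello"}
    if b0 == 0x30:
        return _classify_ldap_pdu(buf)
    return {"kind": "unknown"}


def _classify_ldap_pdu(buf):
    """Partially decode LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }."""
    info = {"kind": "cleartext_ldap"}
    try:
        total, pos = _ber_len(buf, 1)
        info["pdu_len"] = total + pos          # full size of the message on the wire
        if buf[pos] != 0x02:                   # messageID must be an INTEGER
            return info
        ilen, pos = _ber_len(buf, pos + 1)
        info["message_id"] = int.from_bytes(buf[pos:pos + ilen], "big")
        pos += ilen
        tag = buf[pos]
        if tag & 0xC0 != 0x40:                 # protocolOp is APPLICATION class
            return info
        op = tag & 0x1F
        info["op"] = LDAP_OPS.get(op, f"application[{op}]")
        _, pos = _ber_len(buf, pos + 1)
        if op == 23 and buf[pos] == 0x80:      # ExtendedRequest.requestName [0] LDAPOID
            nlen, pos = _ber_len(buf, pos + 1)
            prefix = buf[pos:pos + nlen]       # may be cut short by the capture
            info["request_name_len"] = nlen
            info["request_name_prefix"] = prefix.decode("ascii", "replace")
            info["request_name_complete"] = len(prefix) == nlen
            # Inference only: same length as the StartTLS OID and a matching prefix.
            info["starttls_consistent"] = (nlen == len(STARTTLS_OID)
                                           and STARTTLS_OID.startswith(info["request_name_prefix"]))
    except (IndexError, ValueError):
        info["truncated"] = True
    return info


def diagnose_trace_line(line):
    """Convenience wrapper: hex-dump line in, classification dict out."""
    return classify_first_bytes(parse_hexdump_line(line))


if __name__ == "__main__":
    print("slapd trace  :", diagnose_trace_line(TRACE_LINE))
    print("TLS record   :", classify_first_bytes(TLS_RECORD_PREFIX))
    print("SSLv2 hello  :", classify_first_bytes(SSLV2_HELLO_PREFIX))
```

Run it and the trace line comes back as a cleartext LDAP ExtendedRequest with messageID 1, a 31-byte PDU and a 22-byte requestName starting "1.", while the constructed prefixes are recognised as TLS and SSLv2 hellos. The same parser can be pointed at any `tls_read` dump from a failing accept; if the first byte is 0x30 the problem is the client's choice of StartTLS versus ldaps, not the certificates.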