Re: Spurious Start TLS failed errors on proxyed bind OpenLDAP 2.4.40



--On Thursday, January 17, 2019 4:52 PM +0000 Howard Chu <hyc@symas.com> wrote:

>> But we seem to be getting spurious Start TLS failed messages also
>> without any competing connections. Here's one using ldap+STARTTLS but no
>> other ACCEPTs anywhere near:
>
> These aren't spurious - your TLS library has genuinely failed to start a
> session. Which TLS library are you using? What OS are you running on? The
> most common cause for periodic failures is running out of entropy for the
> PRNG.

They noted RHEL7 and 2.4.40, which would mean MozNSS, as the most recent RHEL7 build of 2.4.44 switched back to OpenSSL. I would just add this to the many reasons not to use RHEL for OpenLDAP.

--Quanah




--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>