Definitely not an entropy problem. I see "ACCEPT" in the logs, but nothing else.
I hadn't realized RedHat was so damn behind. I'm going to generate a custom package with the latest version and see if the problem goes away.

On Wed, Sep 25, 2013 at 2:21 PM, Dan White <[email protected]> wrote:
> On 09/25/13 13:43 -0700, Chad Scott wrote:
>
>> I'm having a lot of trouble with replication when using SSL. If I configure
>> everything exactly the same without SSL, it works flawlessly. The instant I
>> try to encrypt traffic, one or both servers will deadlock, even after
>> restart.
>
> Does slapd still respond? If so, verify that your entropy is not being
> depleted for your ssl connections. I believe by default openssl uses
> /dev/random which can block. Check /proc/sys/kernel/random/entropy_avail.
>
>> I'm configuring according to the instructions at
>> http://www.openldap.org/doc/admin24/replication.html#N-Way Multi-Master,
>> except using ldaps:// instead of ldap://.
>>
>> In cn=config, I've set up:
>> olcTLSCACertificateFile: /etc/openldap/certs/Operations_CA_Certificate.pem
>> olcTLSCertificateFile: /etc/openldap/certs/ldap.pem
>> olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.key
>>
>> I've also tried using STARTTLS over ldap:// and it seems to make no
>> difference.
>>
>> Permissions are right and I can connect via SSL from clients without issue.
>>
>> I'm completely stumped as to what might be going on. Has anyone seen this
>> before?
>>
>> This is running on Scientific Linux 6 with the following packages:
>> openldap-2.4.23-32.el6_4.x86_64
>> openldap-clients-2.4.23-32.el6_4.x86_64
>> openldap-servers-2.4.23-32.el6_4.x86_64
>
> --
> Dan White
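The checks Dan suggests (is slapd still answering, is the kernel entropy pool drained) plus a contextCSN comparison between the masters, as an added shell helper that is not from this thread or from the OpenLDAP project. It assumes coreutils `timeout` and `ldapsearch` from openldap-clients are installed; the host names, the suffix `dc=example,dc=com` and the 200-bit "low entropy" threshold are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added diagnostic helper for the "replication hangs only under TLS" symptom
# discussed above. Not from the thread or from OpenLDAP; hosts, suffix and
# the 200-bit threshold are assumptions for illustration.

# Classify the kernel entropy pool. Reads a file in the format of
# /proc/sys/kernel/random/entropy_avail (a single decimal number).
# Prints ok/low/unknown and returns 0/1/2 so callers can branch on it.
check_entropy() {
  file="${1:-/proc/sys/kernel/random/entropy_avail}"
  threshold="${2:-200}"   # assumed alarm level; /dev/random reads stall near zero
  [ -r "$file" ] || { echo "unknown"; return 2; }
  avail=$(cat "$file")
  case "$avail" in
    ''|*[!0-9]*) echo "unknown"; return 2 ;;
  esac
  if [ "$avail" -lt "$threshold" ]; then
    echo "low ($avail)"; return 1
  fi
  echo "ok ($avail)"; return 0
}

# Does slapd still answer at all? A bounded base-scope search of the root DSE
# over the same ldaps:// URI syncrepl uses. Returns ldapsearch's status, or
# 124 if coreutils `timeout` had to kill it (the "deadlock" case).
probe_slapd() {
  uri="$1"
  timeout 10 ldapsearch -x -LLL -H "$uri" -b '' -s base namingContexts >/dev/null 2>&1
}

# Read contextCSN from one master so the masters can be compared; diverging or
# missing values mean syncrepl is not converging even when slapd answers.
context_csn() {
  uri="$1"; suffix="$2"
  timeout 10 ldapsearch -x -LLL -H "$uri" -b "$suffix" -s base contextCSN 2>/dev/null \
    | sed -n 's/^contextCSN: //p'
}

# Run all three checks: entropy on this host, then each master in turn.
ldap_tls_triage() {
  suffix="${1:-dc=example,dc=com}"   # assumed suffix
  [ "$#" -gt 0 ] && shift
  printf 'entropy: %s\n' "$(check_entropy)"
  for uri in "$@"; do
    if probe_slapd "$uri"; then
      printf '%s: responds; contextCSN=%s\n' "$uri" \
        "$(context_csn "$uri" "$suffix" | tr '\n' ' ')"
    else
      rc=$?
      printf '%s: no answer (rc=%s; 124 = timed out)\n' "$uri" "$rc"
    fi
  done
}

# Example invocation (hosts are placeholders):
#   RUN_TRIAGE=1 sh triage.sh dc=example,dc=com \
#       ldaps://ldap1.example.com ldaps://ldap2.example.com
if [ -n "${RUN_TRIAGE:-}" ]; then
  ldap_tls_triage "$@"
fi
```

Run it on each master while the hang is happening. A `low` entropy reading next to a server that still answers points at blocking reads in the TLS layer; a timed-out probe (rc=124) with healthy entropy means slapd itself is wedged, and the contextCSN values tell you whether the two masters had converged before it stopped answering.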
