Hi,

I am having this issue, but setting the cipher suite to +RSA:+AES-256-CBC:+SHA1 doesn't fix the problem.

slapd.conf: TLSCipherSuite +RSA:+AES-256-CBC:+SHA1 TLSCACertificateFile /etc/ldap/ssl/cacert.pem TLSCertificateFile /etc/ldap/ssl/cert.pem TLSCertificateKeyFile /etc/ldap/ssl/key.pem

Debug log of slapd: tchingRuleUse: ... supportedFeatures $ supportedApplicationContext ) ) TLS: could not set cipher list +RSA:+AES-256-CBC:+SHA1. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. slapd stopped.

Output of "gnutls-cli -l": ... TLS_RSA_EXPORT_ARCFOUR_40_MD5 0x00, 0x03 SSL 3.0 TLS_RSA_ARCFOUR_SHA1 0x00, 0x05 SSL 3.0 TLS_RSA_ARCFOUR_MD5 0x00, 0x04 SSL 3.0 TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL 3.0 TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL 3.0 TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL 3.0 Certificate types: X.509, OPENPGP Protocols: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 Ciphers: AES 256 CBC, AES 128 CBC, 3DES 168 CBC, DES CBC, ARCFOUR 128, ARCFOUR 4 0, RC2 40, NULL MACs: SHA, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL Key exchange algorithms: Anon DH, RSA, RSA EXPORT, DHE RSA, DHE DSS, SRP DSS, SR P RSA, SRP, PSK, DHE PSK Compression: LZO, DEFLATE, NULL