Updated to 12 (with 1.1.1) ; is unable to establish connections between a server and a client…

This problem is reported by the client:

tlsv1 alert internal error

The server does not report any problem in its logs:

connection_read(14): checking for input on id=1011
connection_read(14): TLS accept failure error=-1 id=1011, closing

In Wireshark, I can see the 3-way handshake, STARTTLS request & answer, Client Hello, Server Hello, FIN, FIN

Does this ring a bell?


Testing with an 11.2 jail and the same version of OpenLDAP server & client, I get more useful feedback:

CA signature digest algorithm too weak

It turns out the CA that signed my server certificate is , and their root certificate use as signature algorithm, which is rejected by recent .

Certificates with SHA256 signatures are available here:


After installing them, everything is fine 😌
