(2022-12-07 7:17:24): [be[default]] [check_if_online_delayed] (0x2000): [RID#1010] Trying to go back online!
(2022-12-07 7:17:24): [be[default]] [fo_reset_services] (0x1000): [RID#1010] Resetting all servers in all services
(2022-12-07 7:17:24): [be[default]] [set_server_common_status] (0x0100): [RID#1010] Marking server '10.8.8.60' as 'name not resolved'
(2022-12-07 7:17:24): [be[default]] [fo_set_port_status] (0x0100): [RID#1010] Marking port 636 of server '10.8.8.60' as 'neutral'
(2022-12-07 7:17:24): [be[default]] [fo_set_port_status] (0x0400): [RID#1010] Marking port 636 of duplicate server '10.8.8.60' as 'neutral'
(2022-12-07 7:17:24): [be[default]] [dp_attach_req] (0x0400): [RID#1011] DP Request [Online Check #1011]: REQ_TRACE: New request. Flags [0000].
(2022-12-07 7:17:24): [be[default]] [dp_attach_req] (0x0400): [RID#1011] Number of active DP request: 1
(2022-12-07 7:17:24): [be[default]] [fo_resolve_service_send] (0x0100): [RID#1011] Trying to resolve service 'LDAP'
(2022-12-07 7:17:24): [be[default]] [get_server_status] (0x1000): [RID#1011] Status of server '10.8.8.60' is 'name not resolved'
(2022-12-07 7:17:24): [be[default]] [get_port_status] (0x1000): [RID#1011] Port status of port 636 for server '10.8.8.60' is 'neutral'
(2022-12-07 7:17:24): [be[default]] [fo_resolve_service_activate_timeout] (0x2000): [RID#1011] Resolve timeout [dns_resolver_timeout] set to 6 seconds
(2022-12-07 7:17:24): [be[default]] [get_server_status] (0x1000): [RID#1011] Status of server '10.8.8.60' is 'name not resolved'
(2022-12-07 7:17:24): [be[default]] [set_server_common_status] (0x0100): [RID#1011] Marking server '10.8.8.60' as 'resolving name'
(2022-12-07 7:17:24): [be[default]] [check_if_online_delayed] (0x2000): [RID#1010] Check online req created.
(2022-12-07 7:17:24): [be[default]] [set_server_common_status] (0x0100): [RID#1011] Marking server '10.8.8.60' as 'name resolved'
(2022-12-07 7:17:24): [be[default]] [be_resolve_server_process] (0x1000): [RID#1011] Saving the first resolved server
(2022-12-07 7:17:24): [be[default]] [be_resolve_server_process] (0x0200): [RID#1011] Found address for server 10.8.8.60: [10.8.8.60] TTL 7200
(2022-12-07 7:17:24): [be[default]] [sssd_async_socket_init_send] (0x4000): [RID#1011] Using file descriptor [21] for the connection.
(2022-12-07 7:17:24): [be[default]] [sssd_async_socket_init_send] (0x0400): [RID#1011] Setting 60 seconds timeout [ldap_network_timeout] for connecting
(2022-12-07 7:17:24): [be[default]] [sss_ldap_init_sys_connect_done] (0x0020): [RID#1011] ldap_install_tls failed: [Connect error] [unknown error]
(2022-12-07 7:17:24): [be[default]] [sss_ldap_init_state_destructor] (0x0400): [RID#1011] calling ldap_unbind_ext for ldap:[0x560819ad2470] sd:[21]
(2022-12-07 7:17:24): [be[default]] [sss_ldap_init_state_destructor] (0x0400): [RID#1011] closing socket [21]
(2022-12-07 7:17:24): [be[default]] [sdap_sys_connect_done] (0x0020): [RID#1011] sdap_async_connect_call request failed: [5]: Input/output error.
(2022-12-07 7:17:24): [be[default]] [sdap_handle_release] (0x2000): [RID#1011] Trace: sh[0x560819af04f0], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory[0]
(2022-12-07 7:17:24): [be[default]] [_be_fo_set_port_status] (0x8000): [RID#1011] Setting status: PORT_NOT_WORKING. Called from: ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done: 1633
(2022-12-07 7:17:24): [be[default]] [fo_set_port_status] (0x0100): [RID#1011] Marking port 636 of server '10.8.8.60' as 'not working'
root@ldapclient:/home/sysop# openssl s_client -connect 10.8.8.60:636
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 CN = CompanyInternal
verify return:1
depth=0 O = CompanyInternal, CN = ldapserver00.clab.lab
verify return:1
---
Certificate chain
0 s:O = CompanyInternal, CN = ldapserver00.clab.lab
i:CN = CompanyInternal
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
v:NotBefore: Nov 1 22:06:32 2022 GMT; NotAfter: Oct 29 22:06:32 2032 GMT
1 s:CN = CompanyInternal
i:CN = CompanyInternal
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
v:NotBefore: Nov 1 22:04:14 2022 GMT; NotAfter: Oct 29 22:04:14 2032 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIERzCCAi+gAwIBAgIUN7zSoFEoRKwSie9d3DoobHH60x4wDQYJKoZIhvcNAQEM
BQAwEjEQMA4GA1UEAxMHQmlvVGVhbTAeFw0yMjExMDEyMjA2MzJaFw0zMjEwMjky
MjA2MzJaMDIxEDAOBgNVBAoTB0Jpb1RlYW0xHjAcBgNVBAMTFWxkYXBzZXJ2ZXIw
MC5jbGFiLmxhYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBtDPgT
e8wr/sxg+oUiMDvyuROnxEMDvF8LRwhQianBxqQuwuZulvVLXBgWyVRyNjInUDXU
q1Hbf2JVXVkMufO/VjRIlF4lRPC/sgu1srxUdRvddBEO9t8inAMlJ0dvGOaZBwS7
fKK3+YeIRSleRbXS6ta2shvwxrDTWhiEPL4dgdeD+7J9ll4cbbuHW0YZJvlRJ9xD
VHy70qcZn6ZyDXQt83Mbf78RLioK78S0dKW6eOACKHHSexIGcP8bZOX43XTZJHME
Y7jFSBaMVF+pa0eRj6pTA6U2sFg4puWC1Xkt++1Wpnq9YdB9CqOII3UvdlPVoOHH
oGQ6CmDmIR908kUCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggr
BgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0OBBYEFHKk9dZu3nxATWKqJlXK
0ekuoRfkMB8GA1UdIwQYMBaAFCTD8jhauoaHVQBgCHanPoW83kRxMA0GCSqGSIb3
DQEBDAUAA4ICAQCUA72TzDR5evZpTbZAoxZ4O3Xr+gKphB7HHQ4BNZ+zW/AV/rEW
DLTnm3XQ+KPp/1jb1uSsKGqLqQ462rzzYQ5SU98/GxZM8xRxWyTq+wjLFcaUZ93V
HVSm38Y77aK+uhw2qpiMeiKzW/M4UwUYQM4trKMSzBiQz46UPKkzihL5JR/TCcKj
LrT+OhYcbIDfdnf0+jvB75eiWiQXrsX1B0VRVnFR4FqJSH8kD71OLWno9UlTpmWB
xkDrWTW5xJAb+lJT12PRRg8cMRg/GtQSIo8PAPdrm/D6aBQsRtGm8KvIleBgo5FR
htlMVzNyfq35ck8WhjyMQBwegJEbMBDSpYootdNrs5sOtv+CA6qDH6CsatYKr/ke
bu3s167q0x/RAAROcdA6+7eMyrrVyZjv4tqPzfYdLvOg6o7m3kBy1BL56flbd+je
wX4RJvNoQKGrZxKRsfKgS7cJCo3QEoV/RbOzTof3QZ4G+lLE15lI9v9Ad6aaX+Gt
oLHAqxIE1Wld/fmBTBgLL9K5NFfvfINczNLJw/+X3f6e6IjQgT743oJZ4BaNyGn6
3YT5EgDAz5hgM4BhOMovUBVgcFsUdZkH3dHrX9OrdgmP737IXlp7tuo8/J0DMPgr
e2I0qGBqCu03PBYl8G4iwF/7UKFy6cyB1srefQPoVQ0//iPQIB5p6LOhUQ==
-----END CERTIFICATE-----
subject=O = CompanyInternal, CN = ldapserver00.clab.lab
issuer=CN = CompanyInternal
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2932 bytes and written 373 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 21BBA066E20DCEE0C99DA1EF0EA17A9F474DCB10993529D776A053A32EEDB728
Session-ID-ctx:
Resumption PSK: 6AC936C1645C80A5DDE93B179632FE59A4AEB15D3E3876B4385C01F769087C6D409E818BE582E550B3261CEED468423B
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 60 81 05 60 76 ea 36 36-e4 97 99 63 43 38 8a 2b `..`v.66...cC8.+
0010 - 24 95 56 e5 af 76 a6 d2-60 82 fa d4 72 91 53 b5 $.V..v..`...r.S.
0020 - 4e fc 0d 13 b8 52 97 2a-40 13 83 7d cf 3f 51 aa N....R.*@..}.?Q.
0030 - 96 f5 76 ca 14 c1 e7 e4-1d b7 39 53 d9 ee 19 89 ..v.......9S....
0040 - fd eb e0 d9 9f 8d 33 3b-97 cd 1d 0d 8c a4 f4 f4 ......3;........
0050 - 6f ab c2 49 59 b4 1c 67-78 b9 4c 93 03 2d 5c ff o..IY..gx.L..-\.
0060 - a9 19 c8 36 a8 23 1b 3c-45 5e 6e 69 f7 8c c4 bb ...6.#.<E^ni....
0070 - d9 d2 a9 86 92 f0 98 94-68 aa eb f2 18 ab ef 59 ........h......Y
0080 - 55 96 43 ad 64 06 26 93-c1 41 8c 2b ce db bb fa U.C.d.&..A.+....
0090 - 9d 9f b3 71 fe cc ec d1-f5 e0 02 a8 70 b9 10 3c ...q........p..<
00a0 - 42 32 60 d4 ac 94 ce 76-89 3a 0e 6c 95 43 22 e4 B2`....v.:.l.C".
00b0 - 89 a4 11 a9 24 a3 9a b4-3e 85 ee bb 1f 07 2f e0 ....$...>...../.
00c0 - bf 45 a2 2e 78 a4 51 9f-34 0e e4 87 a8 b4 c3 2a .E..x.Q.4......*
Start Time: 1670399902
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: BBCD67A75D02D4E8A29FC1BC72AF66A58F589AABA8DCF321B809AEDC2F1100EE
Session-ID-ctx:
Resumption PSK: 2B9BBE1D73BEA62DBB0CDAFE6D25B09FB69F9D53DB02645AA889674CA7D28FF66C8D025F5ECE2015EE228AB9C1A178E9
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 60 81 05 60 76 ea 36 36-e4 97 99 63 43 38 8a 2b `..`v.66...cC8.+
0010 - 82 ee b5 24 8c 46 a1 ce-81 14 07 fa 50 57 67 78 ...$.F......PWgx
0020 - da 6a b0 d8 df 43 d8 fd-74 67 13 61 37 36 e5 ab .j...C..tg.a76..
0030 - cd 3d 32 95 95 55 a0 47-f1 d8 4a 7c 27 aa 64 7d .=2..U.G..J|'.d}
0040 - 26 0d 60 8e 29 9c a9 40-6d 6f 59 c1 ab 6a e3 d4 &.`.)..@moY..j..
0050 - cb cb 96 05 51 46 48 f8-6b 67 53 10 47 30 36 24 ....QFH.kgS.G06$
0060 - f4 ea 62 f7 ac dc 64 b9-10 4e 62 17 75 3a 55 c9 ..b...d..Nb.u:U.
0070 - 73 98 41 c6 68 6e ee b9-62 e5 19 71 a1 df 05 62 s.A.hn..b..q...b
0080 - 7d 1a 30 dc 46 77 b3 c6-5b b6 fa 4f 2f 34 31 fa }.0.Fw..[..O/41.
0090 - bf 1e 9e 26 b8 ff 95 d3-69 7b de c3 91 34 06 6a ...&....i{...4.j
00a0 - 9e 2c ee 36 08 9f db 1f-28 44 ef 21 07 74 a8 9b .,.6....(D.!.t..
00b0 - bd 55 f6 8b cb 11 bb 5f-7f 71 ba eb 15 1e 1e 70 .U....._.q.....p
00c0 - 36 3e 9d ce 42 2c 60 6d-d0 7f de 60 4a a9 80 da 6>..B,`m...`J...
Start Time: 1670399902
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
^-- it stops there. I understand hanging and waiting for further communication is normal behavior , but I don't think this is where it's supposed to stop.
Obviously, CentOS 7 with its older version of SSL has no trouble connecting. One difference is that on CentOS 7 it says "Secure Renegotiation IS supported."