diff --git a/CHANGES b/CHANGES
index b8b820d7e9dc204d6c2768288e574aa2c6b8543a..b6bc31a5c3509f551add73737de0d9a759e7d141 100644
--- a/CHANGES
+++ b/CHANGES
@@ -31,6 +31,7 @@ OpenLDAP 2.4.17 Engineering
 	Fixed slapd-hdb freeing of already freed entries (ITS#6074)
 	Fixed slapd-hdb entryinfo cleanup (ITS#6088)
 	Fixed slapd-hdb dncache lockups (ITS#6095)
+	Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167)
 	Fixed slapd-relay to return failure on failure (ITS#5328)
 	Fixed slapd-sql with BACKSQL_ARBITRARY_KEY defined (ITS#6100)
 	Fixed slapo-dds entry expiration (ITS#6169)
diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h
index 54e55ce6330a220886ea6713960e9265e76dac22..70692457011b423dba273ffb38ded3d52fad02a4 100644
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -245,6 +245,9 @@ typedef struct ldapinfo_t {
 	 * to be checked for the presence of a certain item */
 	BerVarray		li_bvuri;
 	ldap_pvt_thread_mutex_t	li_uri_mutex;
+	/* hack because when TLS is used we need to lock and let 
+	 * the li_urllist_f function to know it's locked */
+	int			li_uri_mutex_do_not_lock;
 
 	LDAP_REBIND_PROC	*li_rebind_f;
 	LDAP_URLLIST_PROC	*li_urllist_f;
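Review bot: The comment on `li_uri_mutex_do_not_lock` does not say who sets the field, under which lock, or that it sits in the shared `ldapinfo_t` and is therefore visible to every thread using this backend. A wording such as `/* set to 1 only while li_uri_mutex is held around ldap_back_start_tls(); tells li_urllist_f that the caller already owns the mutex */` would state the contract a maintainer has to preserve. The struct definition starts and ends outside the hunk.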
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 9691f11f6df9a1c60e2c1f802f4e47c693e4ff03..2521b3fbf8dfc227e741a3472de6a88755417f6b 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -691,8 +691,11 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
 	}
 
 	ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+	assert( li->li_uri_mutex_do_not_lock == 0 );
+	li->li_uri_mutex_do_not_lock = 1;
 	rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
 			li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text );
+	li->li_uri_mutex_do_not_lock = 0;
 	ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		ldap_unbind_ext( ld, NULL, NULL );
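Review bot: `li_uri_mutex_do_not_lock` is written under `li_uri_mutex` here but read without the mutex in `ldap_back_default_urllist`, and it is a per-backend field rather than a per-thread one. If another thread can reach that callback while this thread is inside `ldap_back_start_tls` (not visible from the hunk), it would see 1, skip the lock, and free and replace `li->li_uri` unsynchronized, even though that pointer has already been passed into `ldap_back_start_tls`. Tracking the owning thread instead of a bare flag would restrict the bypass to the re-entrant call; at minimum add `/* flag is shared by all threads on this li; only the urllist callback re-entered from ldap_back_start_tls() may rely on it */`. The `assert` is compiled out when NDEBUG is defined, so it does not guard release builds. `ldap_back_prepare_conn` starts and ends outside the hunk.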
@@ -1581,13 +1584,19 @@ ldap_back_default_urllist(
 	*urllist = *url;
 	*url = NULL;
 
-	ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+	if ( !li->li_uri_mutex_do_not_lock ) {
+		ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+	}
+
 	if ( li->li_uri ) {
 		ch_free( li->li_uri );
 	}
 
 	ldap_get_option( ld, LDAP_OPT_URI, (void *)&li->li_uri );
-	ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+
+	if ( !li->li_uri_mutex_do_not_lock ) {
+		ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+	}
 
 	return LDAP_SUCCESS;
 }
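Review bot: The flag is tested twice in `ldap_back_default_urllist`, once before the lock and once before the unlock, so if its value changes in between, the function can take the mutex without releasing it or release a mutex it never took. Reading it once keeps the pair balanced: `int do_lock = !li->li_uri_mutex_do_not_lock;` and then `if ( do_lock )` around both calls. This does not remove the unsynchronized read of the flag itself, which would still need an owner check or similar. The function begins outside the hunk.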