diff --git a/CHANGES b/CHANGES
index 3a9e211cbd84b544296217b776d2aaffaef6b08f..4f17948371d9d952ff2857536efddd745712b97c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ OpenLDAP 2.4 Change Log
 OpenLDAP 2.4.24 Engineering
 	Fixed liblber to not close invalid sockets (ITS#6585)
 	Fixed libldap dnssrv port format specifier (ITS#6644)
+	Fixed libldap GnuTLS hang on socket close (ITS#6673)
 	Fixed libldap sasl partial write handling (ITS#6639)
 	Fixed libldap url parsing with NULL host (ITS#6653)
 	Fixed ldapsearch segfault with deref (ITS#6638)
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index f49147a36c98df3e34c82fc80f7931c6cd6c8ff8..f5076cdb99c90b8389a4a74def8c08eb97e62227 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -967,7 +967,7 @@ tlsg_sb_close( Sockbuf_IO_Desc *sbiod )
 	assert( sbiod->sbiod_pvt != NULL );
 
 	p = (struct tls_data *)sbiod->sbiod_pvt;
-	gnutls_bye ( p->session->session, GNUTLS_SHUT_RDWR );
+	gnutls_bye ( p->session->session, GNUTLS_SHUT_WR );
 	return 0;
 }