diff --git a/conn.go b/conn.go
index 277b21c..5979ca0 100644
--- a/conn.go
+++ b/conn.go
@@ -22,7 +22,7 @@ type Conn struct {
 	// TLS config for StartTLS connections
 	TLSConfig *tls.Config
 	// Mutex to prevent reading/writing while setting up TLS
-	tlsStarting sync.Mutex
+	tlsStarting sync.RWMutex
 	// Mutex to synchronize message sending
 	sending sync.Mutex
 	// Wait group to enable atomic Bind request processing
@@ -80,8 +80,8 @@ func (c *Conn) SendUnsolicitedNotification(resultCode LDAPResultCode, diagnostic
 
 // Sends a LDAPMessage to the client and removes the corresponding message from the abandonment cache
 func (c *Conn) SendMessage(msg *Message) error {
-	c.tlsStarting.Lock()
-	defer c.tlsStarting.Unlock()
+	c.tlsStarting.RLock()
+	defer c.tlsStarting.RUnlock()
 	c.sending.Lock()
 	defer c.sending.Unlock()
 	_, err := io.Copy(c.conn, bytes.NewReader(msg.EncodeWithHeader()))
diff --git a/server.go b/server.go
index 94972aa..b754932 100644
--- a/server.go
+++ b/server.go
@@ -129,9 +129,9 @@ func (s *LDAPServer) handleConnection(c net.Conn) {
 			// Close() called
 			return
 		}
-		ldapConn.tlsStarting.Lock()
+		ldapConn.tlsStarting.RLock()
 		msg, err := ldapConn.ReadMessage()
-		ldapConn.tlsStarting.Unlock()
+		ldapConn.tlsStarting.RUnlock()
 		if err != nil {
 			if errors.Is(err, syscall.Errno(0x2746)) { // Windows: An existing connection was forcibly closed by the client
 				log.Println("Connection was reset by the client.")