On 5/12/2023 6:35 PM, Jeffrey Walton wrote:
I really feel like there's something wrong with the server configuration.
Entirely possible but, like the guy looking for his keys under the streetlight, I wanted to check something I knew how to check :-)
If the client is saying something reasonable (like TLS 1.2 or 1.3, not 1.1 or 1.0) and is offering a reasonable set of ciphers, then the server is sick.
Doesn't systemd open a socket even if a service is _not_ running? I think systemd does it to make the service start fast. I.e., a `systemctl start slapd.service` will happen quickly because the listening socket is already operating.
I'm not a Linux guy - I work on Solaris - but assuming that systemd operates something like its predecessor inetd, it opens sockets for transient services, so that the system can receive a connection and only *then* start up a program to handle it. Long-lived servers aren't handled that way. (And the cost to set up a listening socket is negligible.)