On 5/12/2023 6:35 PM, Jeffrey Walton wrote:
I really feel like there's something wrong with the server
configuration.
Entirely possible but, like the guy looking for his keys under the
streetlight, I wanted to check something I knew how to check :-)
If the client is saying something reasonable (like TLS 1.2 or 1.3,
not 1.1 or 1.0) and is offering a reasonable set of ciphers, then
the server is sick.
Doesn't systemd open a socket even if a service is _not_ running? I
think systemd does it to make the service start fast. I.e., a
`systemctl start slapd.service` will happen quickly because the
listening socket is already operating.
I'm not a Linux guy - I work on Solaris - but assuming that systemd
operates something like its predecessor inetd, it opens sockets for
transient services, so that the system can receive a connection and
only *then* start up a program to handle it. Long-lived servers
aren't handled that way. (And the cost to set up a listening socket
is negligible.)
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris