i have an acl set to allow only some ips to connect unencrypted:
{0}to dn.children="dc=abc,dc=net" by peername.ip= read break by peername.ip= read break by ssf=128 read break by * none

olcSecurity: ssf=0 tls=0 simple_bind=0 update_ssf=0

this works in general, but if i restart slapd i get from the defined ips from above 'confidentially required'. then i have to set ssf=1 then back to ssf=0 to make
it work again?

anyone an idea why?