December 2025 - stunnel-users

Re: stunnel : SSL_connect: Peer suddenly disconnected
by Jose Alf. 19 Dec '25

19 Dec '25

Hi Souheila, Are you sure that you are running an NFS server in your azure machine that natively supports TLS? If you are not, you must put an stunnel wrapper in front of it. It looks to me that the NFS service exposed at 52.239.241.136:2049 does not support TLS. 2025.12.19 07:53:48 LOG7[0]: Service [52.239.241.136] started 2025.12.19 07:53:48 LOG7[0]: Setting local socket options (FD=584) 2025.12.19 07:53:48 LOG7[0]: Option TCP_NODELAY set on local socket 2025.12.19 07:53:48 LOG5[0]: Service [52.239.241.136] accepted connection from 127.0.0.1:58887 2025.12.19 07:53:48 LOG6[0]: s_connect: connecting 52.239.241.136:2049 2025.12.19 07:53:48 LOG7[0]: s_connect: s_poll_wait 52.239.241.136:2049: waiting 10 seconds 2025.12.19 07:53:48 LOG7[0]: FD=1040 ifds=rwx ofds=--- 2025.12.19 07:53:49 LOG5[0]: s_connect: connected 52.239.241.136:2049 2025.12.19 07:53:49 LOG5[0]: Service [52.239.241.136] connected remote server from 192.168.1.26:58888 2025.12.19 07:53:49 LOG7[0]: Setting remote socket options (FD=1040) 2025.12.19 07:53:49 LOG7[0]: Option TCP_NODELAY set on remote socket 2025.12.19 07:53:49 LOG7[0]: Remote descriptor (FD=1040) initialized 2025.12.19 07:53:49 LOG6[0]: SNI: sending servername: 52.239.241.136 2025.12.19 07:53:49 LOG7[0]: No previous session to resume 2025.12.19 07:53:49 LOG6[0]: Peer certificate not required 2025.12.19 07:53:49 LOG7[0]: TLS state (connect): before SSL initialization 2025.12.19 07:53:49 LOG7[0]: TLS state (connect): SSLv3/TLS write client hello 2025.12.19 07:53:49 LOG7[0]: TLS alert (write): fatal: decode error 2025.12.19 07:53:49 LOG3[0]: SSL_connect: ssl/record/rec_layer_s3.c:696: error:0A000126:SSL routines::unexpected eof while reading 2025.12.19 07:53:49 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2025.12.19 07:53:49 LOG7[0]: Remote descriptor (FD=1040) closed 2025.12.19 07:53:49 LOG7[0]: local_rfd/local_wfd reset (FD=584) 2025.12.19 07:53:49 LOG7[0]: Local descriptor (FD=584) closed 2025.12.19 07:53:49 LOG7[0]: Service [52.239.241.136] finished (0 left) Regards,Jose A. Diaz On 18/12/2025, at 11:25 PM, Souheila Hechaichi via stunnel-users <stunnel-users(a)stunnel.org> wrote: Hey, I hope your help.The problem of 403754EAC87F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:696: is a bug in openssl version 3.x.xWhith my configuration OpenSSL 1.1.1f, the connection succeded but Its systematically closes <image.png> And with tcpdump I observe a connection reset<image.png>Best regards;From: Michał Trojnara via stunnel-users <stunnel-users(a)stunnel.org> Sent: Thursday, December 18, 2025 8:24 PM To: stunnel-users(a)stunnel.org <stunnel-users(a)stunnel.org> Subject: [stunnel-users] Re: stunnel : SSL_connect: Peer suddenly disconnected Hi Souheila, It does not look like your remote machine accepts TLS: $ openssl s_client -connect 52.239.241.136:2049 Connecting to 52.239.241.136 CONNECTED(00000003) 403754EAC87F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:696: Why exactly do you think that stunnel could be used to mount NFS file shares? Stunnel can be a TLS client, but not an NFS client. Those aredifferent protocols. Best regards, Mike On 12/18/25 6:15 PM, Souheila Hechaichi via stunnel-users wrote: I am using stunnel to mount an azure nfs file share. The stunnel process log the following messageDec 18 17:55:20 vmubuntu18 stunnel: LOG3[23840]: SSL_connect: Peer suddenly disconnected The stunnel configure file isverifyChain = nodebug = debugoutput = /etc/stunnel/microsoft/aznfs/nfsv4_fileShare/logs/stunnel_52.239.241.136.logpid = /etc/stunnel/microsoft/aznfs/nfsv4_fileShare/logs/stunnel_52.239.241.136.pidTIMEOUTidle = 61 [52.239.241.136]client = yesaccept = 127.0.0.1:20049connect = 52.239.241.136:2049 A trace with tcpdump display the following logs<image.png> We observe a reset connection between azure server and my machine. Best regardsSouheila _______________________________________________ stunnel-users mailing list -- stunnel-users(a)stunnel.org To unsubscribe send an email to stunnel-users-leave(a)stunnel.org _______________________________________________ stunnel-users mailing list -- stunnel-users(a)stunnel.org To unsubscribe send an email to stunnel-users-leave(a)stunnel.org

1 0

stunnel : SSL_connect: Peer suddenly disconnected
by Souheila Hechaichi 18 Dec '25

18 Dec '25

I am using stunnel to mount an azure nfs file share. The stunnel process log the following message Dec 18 17:55:20 vmubuntu18 stunnel: LOG3[23840]: SSL_connect: Peer suddenly disconnected The stunnel configure file is verifyChain = no debug = debug output = /etc/stunnel/microsoft/aznfs/nfsv4_fileShare/logs/stunnel_52.239.241.136.log pid = /etc/stunnel/microsoft/aznfs/nfsv4_fileShare/logs/stunnel_52.239.241.136.pid TIMEOUTidle = 61 [52.239.241.136] client = yes accept = 127.0.0.1:20049 connect = 52.239.241.136:2049 A trace with tcpdump display the following logs [cid:defde221-2fed-4b36-9480-0181f6f7d5a9] We observe a reset connection between azure server and my machine. Best regards Souheila

2 2

OCSPflag not processed in ocsp_stapling() ?
by King's Way 01 Dec '25

01 Dec '25

Hi there, I was trying to make stunnel ignore OCSP verification error for local certificates when doing OCSP Stapling. But it seems the flag "OCSPflag = NOVERIFY" is not properly passed to openssl. I have tried to patch it in function ocsp_stapling(), and it worked. But I wonder whether it is a bug or intentionally designed this way? With kind regards！ ------------------------------------------------------------ King's Way <io[AT]stdio.io<http://stdio.io>>

1 0