Hello!
We are using stunnel to work around an SSL issue in another service, and set stunnel.conf up to do prio failover. We noticed something unusual. If the TCP session connects, but the SSL negotiation fails, it doesn't fail over to the next server on the list. I looked at the code for the latest version and this doesn't seem to be caught anywhere.
What I saw in client.c shows that it only checks failover after trying to establish the TCP session, but then the SSL session happens later and doesn't give any info back to the failover code should something go wrong.
Is this expected behavior, or should I look into a bug report / patch? I was thinking maybe a configurable option to allow SSL errors to trigger failover just like TCP errors.
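The behaviour asked about above, as an added Python example (not stunnel code and not part of the original post): a priority-ordered connect loop in which a failed TLS handshake moves on to the next server exactly as a failed TCP connect does. The names `probe` and `pick_backend` and the sample backend list are assumptions made for illustration.

```python
import socket
import ssl


def probe(host, port, ctx, timeout=3.0):
    """Classify one backend as 'tcp_fail', 'tls_fail' or 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, unreachable, DNS failure or connect timeout.
        return "tcp_fail"
    try:
        # The handshake runs inside wrap_socket(); certificate and hostname
        # verification failures surface here as ssl.SSLError.
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except OSError:
        # ssl.SSLError and handshake timeouts are both OSError subclasses.
        sock.close()
        return "tls_fail"


def pick_backend(backends, ctx, probe_fn=probe):
    """Walk backends in priority order; return (chosen, attempts)."""
    attempts = []
    for host, port in backends:
        result = probe_fn(host, port, ctx)
        attempts.append(((host, port), result))
        if result == "ok":
            return (host, port), attempts
        # Both failure kinds fall through to the next server in the list.
    return None, attempts


if __name__ == "__main__":
    # Constructed backend list; replace with real hosts to try it.
    backends = [("primary.example.invalid", 443), ("backup.example.invalid", 443)]
    chosen, attempts = pick_backend(backends, ssl.create_default_context())
    for backend, result in attempts:
        print(backend, result)
    print("selected:", chosen)
```

The `attempts` list keeps the two failure kinds distinct, so a log can show when a server is reachable over TCP but failing TLS.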