Hi,

I have an issue with one connection using stunnel as client. The purpose is to connect to a server on port 8443. The connection works on the first request. But the second one is always rejected. In the log, I see on the second connection, an attempt to resume and then a handshake failure.

I have tried some different parameters sslVersion, options... but still with the same issue.

As there is no performance issue on this connection, is there any parameter that can stop the resume attempt?

See below the configuration file and traces of first request (Ok) and second request (NotOK).

Thanks in advance for your help.

Best regards
Jean-Luc DESCHAMPS BERGER

stunnel.conf
------------------------------------------------------
client = yes
output = /GPTO/CCTMP/stunnel.log
debug = 7

[olt]
accept = localhost:8443
connect = 10.75.1.6:8443
verifyChain = no
sslVersion = TLSv1.2
options = NO_SSLv2
options = NO_SSLv3

First connection: OK
------------------------------------------------------------------
2026.03.04 02:00:02 LOG5[0]: Service [olt] accepted connection from 127.0.0.1:58704
2026.03.04 02:00:02 LOG6[0]: s_connect: connecting 10.75.1.6:8443
2026.03.04 02:00:02 LOG7[0]: s_connect: s_poll_wait 10.75.1.6:8443: waiting 10 seconds
2026.03.04 02:00:02 LOG7[0]: FD=6 events=0x2001 revents=0x0
2026.03.04 02:00:02 LOG7[0]: FD=15 events=0x2005 revents=0x0
2026.03.04 02:00:02 LOG5[0]: s_connect: connected 10.75.1.6:8443
2026.03.04 02:00:02 LOG5[0]: Service [olt] connected remote server from 192.168.16.249:42547
2026.03.04 02:00:02 LOG7[0]: Setting remote socket options (FD=15)
2026.03.04 02:00:02 LOG7[0]: Option TCP_NODELAY set on remote socket
2026.03.04 02:00:02 LOG7[0]: Remote descriptor (FD=15) initialized
2026.03.04 02:00:02 LOG6[0]: SNI: sending servername: 10.75.1.6
2026.03.04 02:00:02 LOG7[0]: No previous session to resume
2026.03.04 02:00:02 LOG6[0]: Peer certificate not required
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): before/connect initialization
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write client hello A
2026.03.04 02:00:02 LOG7[0]: OCSP stapling: Client callback called
2026.03.04 02:00:02 LOG6[0]: OCSP: Certificate chain verification disabled
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server hello A
2026.03.04 02:00:02 LOG6[0]: CERT: Certificate verification disabled
2026.03.04 02:00:02 LOG6[0]: CERT: Certificate verification disabled
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server certificate A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server key exchange A
2026.03.04 02:00:02 LOG6[0]: Client certificate not requested
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server done A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write client key exchange A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write change cipher spec A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write finished A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 flush data
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read finished A
2026.03.04 02:00:02 LOG7[0]: New session callback
2026.03.04 02:00:02 LOG7[0]: Peer certificate was cached (1241 bytes)
2026.03.04 02:00:02 LOG6[0]: Session id: A8CFAD0D0E7D060D56EFF5045F8E1570727951423AB00D7CF70B4E4423396293
2026.03.04 02:00:02 LOG7[0]: 1 client connect(s) requested
2026.03.04 02:00:02 LOG7[0]: 1 client connect(s) succeeded
2026.03.04 02:00:02 LOG7[0]: 0 client renegotiation(s) requested
2026.03.04 02:00:02 LOG7[0]: 0 session reuse(s)
2026.03.04 02:00:02 LOG6[0]: TLS connected: new session negotiated
2026.03.04 02:00:02 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2026.03.04 02:00:02 LOG7[0]: Compression: null, expansion: null
2026.03.04 02:00:02 LOG6[0]: Read socket closed (readsocket)
2026.03.04 02:00:02 LOG7[0]: Sending close_notify alert
2026.03.04 02:00:02 LOG7[0]: TLS alert (write): warning: close notify
2026.03.04 02:00:02 LOG6[0]: SSL_shutdown successfully sent close_notify alert
2026.03.04 02:00:02 LOG6[0]: transfer: SSL_read: Socket is closed
2026.03.04 02:00:02 LOG6[0]: TLS socket closed (SSL_read)
2026.03.04 02:00:02 LOG7[0]: Sent socket write shutdown
2026.03.04 02:00:02 LOG5[0]: Connection closed: 593 byte(s) sent to TLS, 704 byte(s) sent to socket

Second connection: notOK
-------------------------------------------------------------------------------------------------------------
2026.03.04 02:00:04 LOG5[1]: Service [olt] accepted connection from 127.0.0.1:58710
2026.03.04 02:00:04 LOG6[1]: s_connect: connecting 10.75.1.6:8443
2026.03.04 02:00:04 LOG7[1]: s_connect: s_poll_wait 10.75.1.6:8443: waiting 10 seconds
2026.03.04 02:00:04 LOG7[1]: FD=6 events=0x2001 revents=0x0
2026.03.04 02:00:04 LOG7[1]: FD=15 events=0x2005 revents=0x0
2026.03.04 02:00:04 LOG5[1]: s_connect: connected 10.75.1.6:8443
2026.03.04 02:00:04 LOG5[1]: Service [olt] connected remote server from 192.168.16.249:42553
2026.03.04 02:00:04 LOG7[1]: Setting remote socket options (FD=15)
2026.03.04 02:00:04 LOG7[1]: Option TCP_NODELAY set on remote socket
2026.03.04 02:00:04 LOG7[1]: Remote descriptor (FD=15) initialized
2026.03.04 02:00:04 LOG6[1]: SNI: sending servername: 10.75.1.6
2026.03.04 02:00:04 LOG6[1]: Attempting to resume: A8CFAD0D0E7D060D56EFF5045F8E1570727951423AB00D7CF70B4E4423396293
2026.03.04 02:00:04 LOG6[1]: Peer certificate not required
2026.03.04 02:00:04 LOG7[1]: TLS state (connect): before/connect initialization
2026.03.04 02:00:04 LOG7[1]: TLS state (connect): SSLv3 write client hello A
2026.03.04 02:00:04 LOG7[1]: TLS alert (read): fatal: handshake failure
2026.03.04 02:00:04 LOG3[1]: SSL_connect: s3_pkt.c:1259: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: client 127.0.0.1:58710
2026.03.04 02:00:04 LOG5[1]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2026.03.04 02:00:04 LOG7[1]: Remote descriptor (FD=15) closed
2026.03.04 02:00:04 LOG7[1]: local_rfd/local_wfd reset (FD=3)
2026.03.04 02:00:04 LOG7[1]: Local descriptor (FD=3) closed
2026.03.04 02:00:04 LOG7[1]: Service [olt] finished (0 left)
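
Added example, not part of the original post and not stunnel's own code: a small Python check that groups stunnel debug lines by connection number, flags a connection where a fatal TLS alert follows a resume offer, and reports which earlier connection issued the offered session. The sample lines are excerpted from the log above; the function and field names are hypothetical.

```python
import re

# Excerpt of the debug = 7 log quoted in the post above.
SID = "A8CFAD0D0E7D060D56EFF5045F8E1570727951423AB00D7CF70B4E4423396293"
SAMPLE_LOG = f"""\
2026.03.04 02:00:02 LOG7[0]: No previous session to resume
2026.03.04 02:00:02 LOG6[0]: Session id: {SID}
2026.03.04 02:00:02 LOG6[0]: TLS connected: new session negotiated
2026.03.04 02:00:04 LOG6[1]: Attempting to resume: {SID}
2026.03.04 02:00:04 LOG7[1]: TLS state (connect): SSLv3 write client hello A
2026.03.04 02:00:04 LOG7[1]: TLS alert (read): fatal: handshake failure
"""

# "<date> <time> LOG<level>[<connection>]: <message>"
LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+)\]: (.*)$")

def classify(log_text):
    """Summarise TLS session handling per stunnel connection number."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not stunnel log records
        cid, msg = int(m.group(1)), m.group(2)
        c = conns.setdefault(cid, {"resume_id": None, "session_id": None,
                                   "alert": None, "outcome": None})
        if msg.startswith("Attempting to resume: "):
            c["resume_id"] = msg.split(": ", 1)[1]
        elif msg.startswith("Session id: "):
            c["session_id"] = msg.split(": ", 1)[1]
        elif msg.startswith("TLS connected: "):
            c["outcome"] = msg.split(": ", 1)[1]
        elif msg.startswith("TLS alert (read): fatal: "):
            c["alert"] = msg.rsplit(": ", 1)[1]
    # Map each issued session id to the connection that negotiated it.
    issued = {c["session_id"]: cid for cid, c in conns.items() if c["session_id"]}
    for c in conns.values():
        c["issued_by"] = issued.get(c["resume_id"])
        if c["outcome"]:
            c["verdict"] = c["outcome"]
        elif c["resume_id"] and c["alert"]:
            c["verdict"] = "fatal alert after resume offer"
        else:
            c["verdict"] = "failed" if c["alert"] else "incomplete"
    return conns

if __name__ == "__main__":
    for cid, c in sorted(classify(SAMPLE_LOG).items()):
        print(cid, c["verdict"], c["alert"], "session from", c["issued_by"])
```

Run over the full log file, a connection marked "fatal alert after resume offer" whose session was issued by a connection that completed normally matches the pattern described in the post.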