Hi Souheila,

Are you sure that you are running an NFS server in your azure machine that natively supports TLS? If you are not, you must put an stunnel wrapper in front of it.

It looks to me that the NFS service exposed at 52.239.241.136:2049 does not support TLS.

2025.12.19 07:53:48 LOG7[0]: Service [52.239.241.136] started
2025.12.19 07:53:48 LOG7[0]: Setting local socket options (FD=584)
2025.12.19 07:53:48 LOG7[0]: Option TCP_NODELAY set on local socket
2025.12.19 07:53:48 LOG5[0]: Service [52.239.241.136] accepted connection from 127.0.0.1:58887
2025.12.19 07:53:48 LOG6[0]: s_connect: connecting 52.239.241.136:2049
2025.12.19 07:53:48 LOG7[0]: s_connect: s_poll_wait 52.239.241.136:2049: waiting 10 seconds
2025.12.19 07:53:48 LOG7[0]: FD=1040 ifds=rwx ofds=---
2025.12.19 07:53:49 LOG5[0]: s_connect: connected 52.239.241.136:2049
2025.12.19 07:53:49 LOG5[0]: Service [52.239.241.136] connected remote server from 192.168.1.26:58888
2025.12.19 07:53:49 LOG7[0]: Setting remote socket options (FD=1040)
2025.12.19 07:53:49 LOG7[0]: Option TCP_NODELAY set on remote socket
2025.12.19 07:53:49 LOG7[0]: Remote descriptor (FD=1040) initialized
2025.12.19 07:53:49 LOG6[0]: SNI: sending servername: 52.239.241.136
2025.12.19 07:53:49 LOG7[0]: No previous session to resume
2025.12.19 07:53:49 LOG6[0]: Peer certificate not required
2025.12.19 07:53:49 LOG7[0]: TLS state (connect): before SSL initialization
2025.12.19 07:53:49 LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
2025.12.19 07:53:49 LOG7[0]: TLS alert (write): fatal: decode error
2025.12.19 07:53:49 LOG3[0]: SSL_connect: ssl/record/rec_layer_s3.c:696: error:0A000126:SSL routines::unexpected eof while reading
2025.12.19 07:53:49 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.12.19 07:53:49 LOG7[0]: Remote descriptor (FD=1040) closed
2025.12.19 07:53:49 LOG7[0]: local_rfd/local_wfd reset (FD=584)
2025.12.19 07:53:49 LOG7[0]: Local descriptor (FD=584) closed
2025.12.19 07:53:49 LOG7[0]: Service [52.239.241.136] finished (0 left)

Regards,

Jose A. Diaz

On 18/12/2025, at 11:25 PM, Souheila Hechaichi via stunnel-users <stunnel-users@stunnel.org> wrote:

Hey, I hope your help.

The problem of 403754EAC87F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:696: is a bug in openssl version 3.x.x

Whith my configuration OpenSSL 1.1.1f, the connection succeded but Its systematically closes

<image.png>

And with tcpdump I observe a connection reset

<image.png>

Best regards;

From: Michał Trojnara via stunnel-users <stunnel-users@stunnel.org>
Sent: Thursday, December 18, 2025 8:24 PM
To: stunnel-users@stunnel.org <stunnel-users@stunnel.org>
Subject: [stunnel-users] Re: stunnel : SSL_connect: Peer suddenly disconnected

Hi Souheila,

It does not look like your remote machine accepts TLS:

$ openssl s_client -connect 52.239.241.136:2049
Connecting to 52.239.241.136
CONNECTED(00000003)
403754EAC87F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:696:

Why exactly do you think that stunnel could be used to mount NFS file shares? Stunnel can be a TLS client, but not an NFS client. Those are different protocols.

Best regards,
Mike

On 12/18/25 6:15 PM, Souheila Hechaichi via stunnel-users wrote:

I am using stunnel to mount an azure nfs file share.

The stunnel process log the following message

Dec 18 17:55:20 vmubuntu18 stunnel: LOG3[23840]: SSL_connect: Peer suddenly disconnected

The stunnel configure file is

verifyChain = no

debug = debug

output = /etc/stunnel/microsoft/aznfs/nfsv4_fileShare/logs/stunnel_52.239.241.136.log

pid = /etc/stunnel/microsoft/aznfs/nfsv4_fileShare/logs/stunnel_52.239.241.136.pid

TIMEOUTidle = 61

[52.239.241.136]

client = yes

accept = 127.0.0.1:20049

connect = 52.239.241.136:2049

A trace with tcpdump display the following logs

<image.png>