I updated my main server yesterday to Debain 13 (Friday a 13th… yea I know) and some cron jobs failed with the following error:
OpenSSL SSL_read: OpenSSL/3.5.4: error:0A000126:SSL routines::unexpected eof while reading, errno 0
This is a new feature in OpenSSL 3 that notifies about servers not properly terminating their TLS stuff.
Since this happened for me when connecting to a Fritzbox, I couldn’t fix it on the server side…
Thankfully some debugging and googling I found the perfect solution: https://github.com/openssl/openssl/discussions/24810
The final solution for my setup was to update /etc/ssl/openssl.cnf with the following changes:
@@ -52,6 +52,7 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect +ssl_conf = ssl_sect # List of providers to load [provider_sect] @@ -72,6 +73,17 @@ default = default_sect # activate = 1 +# PHK 2026-02-14 +# fix ssl error new in Debian Trixie +# https://github.com/openssl/openssl/discussions/24810#discussioncomment-9986980 +[ssl_sect] +system_default = ssl_default_sect + +[ssl_default_sect] +Options = IgnoreUnexpectedEOF +