Re: OpenSSL SSL_read: OpenSSL/3.5.7: error:0A000126:SSL

From: Enji Cooper (yaneurabeya) <yaneurabeya_at_gmail.com>
Date: Wed, 01 Jul 2026 06:13:32 UTC
> On Jun 30, 2026, at 11:01 PM, Enji Cooper (yaneurabeya) <yaneurabeya@gmail.com> wrote:
> 
>> On Jun 30, 2026, at 10:57 PM, Enji Cooper (yaneurabeya) <yaneurabeya@gmail.com> wrote:
>> 
>>> 
>>> On Jun 29, 2026, at 12:57 PM, Enji Cooper (yaneurabeya) <yaneurabeya@gmail.com> wrote:
>>> 
>>>> 
>>>> On Jun 28, 2026, at 9:43 PM, A FreeBSD User <freebsd@walstatt-de.de> wrote:
>>>> 
>>>> Hello,
>>>> 
>>>> while updating sources and ports tree via git, many times these days I somehow hit a timeout /
>>>> which terminates sometimes poudriere.
>>>> 
>>>> Hosts involved: recent CURRENT since a couple of months.
>>>> 
>>>> [...]
>>>> [00:00:00] Updating portstree "head" with git+https...fatal: unable to access
>>>> 'https://git.freebsd.org/ports.git/': OpenSSL SSL_read: OpenSSL/3.5.7: error:0A000126:SSL
>>>> routines::unexpected eof while reading, errno 0
>>>> 
>>>> What is going wrong here and how can I mitigate/repair this issue?
>>>> 
>>>> Thanks in adavnce,
>>> 
>>> Hi,
>>> This is on my radar. I’ll try to provide more information by the end of the day.
>> 
>> Hi oh,
>> Thanks to Marius, I was just reminded of this. Is your poudriere jail largely up to date with “state of the art” OpenSSL [1]?
>> Between you and Marius, poudriere (so far) seems to be a common denominator in your issues.
>> It’s been a while since I’ve setup a poudriere jail. I can try doing this; having more details about the jail versions and the affected pieces of software and their dependencies would be helpful (it would reduce the amount of needle-in-a-haystack work I would need to do).
>> Thank you,
>> -Enji
> 
> I forgot to include the link in my last reply for [1]. In particular, version mismatches could be causing problems with software that leverages libssl. The basic gist from that GitHub issue in [1] is that “upgrading software versions fixed the problem I was seeing”, so my gut feeling is that it might be a problem with a jail’s userspace binaries being out of sync with the corresponding ports software versions.
> -Enji
> 
> 1. https://github.com/openssl/openssl/issues/18866#issuecomment-1194219601

A quick skim of this LLM-generated page helps go into the generic issue in more detail, providing possible insights into what might be causing the issue: https://ithy.com/article/fix-openssl-error0a000126-for-ssl-8w813fv2 (in short it’s a very generic TLS handshake problem). It doesn’t go into the poudriere jail possibility, but one can infer that being a possibility since Docker container configuration debugging is mentioned in the article.
Cheers,
-Enji