i’m migrating an haproxy setup to a new machine … when connecting to one server (backend stunnel-openvpn-backend) i receive the error; the other entry, haproxy stats (backend haproxy-backend), works fine. any ideas as to what is wrong … i’ve used this cfg segment on a prior server.

OpenSSL error[0xa00010b] (null): wrong version number. (see cfg file below)

```
maxconn 100
tune.ssl.default-dh-param 2048
chroot /var/empty
user haproxy
group haproxy
stats socket /var/run/haproxy.sock mode 600 expose-fd listeners level user

mode http
log global
option tcplog
option httplog
option logasap
option http-keep-alive
timeout connect 5000
timeout client 50000
timeout server 50000
timeout tunnel 1h

userlist AuthUsers
    user dan password xxxxxxxxxxxxxxxxxxxxxxxxxx

listen stats
    mode http
    log global
    maxconn 10
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /haproxy?stats

frontend https
    bind *:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend stunnel-openvpn-backend if { req.ssl_sni -i }
    default_backend https-back

frontend https-front
    bind ssl crt /etc/letsencrypt/live/ accept-proxy
    mode http
    use_backend haproxy-backend if { ssl_fc_sni -i }

backend https-back
    mode tcp
    server https-front send-proxy-v2

# Openvpn with stunnel
backend stunnel-openvpn-backend
    mode tcp
    timeout server 2h
    server stunnel-openvpn check

# Haproxy Stats
backend haproxy-backend
    mode http
    timeout server 2h
    server haproxy no-ssl check
    http-request redirect location /haproxy?stats if { path / }
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    acl auth_ok http_auth(AuthUsers)
    http-request auth realm haproxy-stats unless auth_ok
```

i’m using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) on a ubuntu 22.04 intel nuc

downgraded openvpn client … to match haproxy ssl version … all is well
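A diagnostic sketch for this kind of failure, added here and not part of the original post or of HAProxy: it classifies the first bytes a TLS listener receives, reading the same ClientHello fields that `req.ssl_hello_type 1` and `req.ssl_sni` inspect, plus the TLS versions the client offers. OpenSSL raises `wrong version number` when the record header it reads does not carry a TLS version it accepts, which also happens when a PROXY header or plaintext lands on a TLS socket; the function names, host name and sample bytes are constructed for illustration.

```python
import struct

PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature

def parse_client_hello(rec: bytes) -> dict:
    """Pull SNI and offered versions out of one TLS record holding a ClientHello."""
    p = 9                                          # record header (5) + handshake header (4)
    versions = [struct.unpack_from("!H", rec, p)[0]]   # legacy_version
    p += 2 + 32                                    # legacy_version + random
    p += 1 + rec[p]                                # session_id
    p += 2 + struct.unpack_from("!H", rec, p)[0]   # cipher_suites
    p += 1 + rec[p]                                # compression_methods
    end = p + 2 + struct.unpack_from("!H", rec, p)[0]
    p, sni = p + 2, None
    while p + 4 <= min(end, len(rec)):
        etype, elen = struct.unpack_from("!HH", rec, p)
        body = rec[p + 4:p + 4 + elen]
        if etype == 0:     # server_name: list_len(2) name_type(1) name_len(2) name
            sni = body[5:5 + struct.unpack_from("!H", body, 3)[0]].decode("ascii", "replace")
        elif etype == 43:  # supported_versions: len(1), then 2-byte versions
            versions = [v for (v,) in struct.iter_unpack("!H", body[1:1 + body[0]])]
        p += 4 + elen
    return {"kind": "client-hello", "sni": sni, "versions": versions}

def classify(data: bytes) -> dict:
    """Say what the first bytes of a connection are, as a TLS listener would meet them."""
    if data.startswith(PROXY_V2_SIG) or data.startswith(b"PROXY "):
        return {"kind": "proxy-header"}            # would need accept-proxy on the listener
    if len(data) < 6 or data[0] != 0x16 or data[1] != 0x03:
        return {"kind": "not-tls"}                 # no handshake record with major version 3
    if data[5] != 0x01:                            # handshake type 1 = ClientHello
        return {"kind": "tls-non-hello"}
    try:
        return parse_client_hello(data)
    except (IndexError, struct.error):
        return {"kind": "truncated-hello"}

def build_hello(host: bytes, versions=(0x0304, 0x0303)) -> bytes:
    """Constructed sample ClientHello (not a capture) to exercise the parser offline."""
    name = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    vers = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = struct.pack("!HH", 0, len(name)) + name + struct.pack("!HH", 43, len(vers)) + vers
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sample in (build_hello(b"vpn.example.test"), b"GET / HTTP/1.1\r\n"):
        print(classify(sample))
```

Feeding it the first packet of a failing connection (for example, bytes exported from a capture taken on the listener) shows whether the peer sent a ClientHello at all and which versions it offered.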