Dear maintainer, Here's some additional info I've only noticed today that might be relevant:
My stunnel4 client side has OpenSSL 1.1.1-2. When the stunnel4 server side has OpenSSL 1.1.1-1 or 1.1.1-2, the two sides negotiate TLS 1.3. This is when the internal error and subsequent kernel general protection error occurs. When the stunnel4 server side downgrades to OpenSSL 1.1.1~~pre8-1, the two sides actually negotiate TLS 1.2. Hope this little detail helps to zero in on the problem. Regards, Frank