Dear maintainer, Another quick update: on another machine running stunnel4 3:5.49-1 as server, I tried upgrading openssl to 1.1.1-2 and then adding "options = NO_TLSv1.3" to stunnel.conf, thus forcing the two ends (both running stunnel4 3:5.49-1 and openssl 1.1.1-2) to negotiate TLS 1.2. This proves effective at preventing segfaults as well. So the problem seems to have something to do with TLS 1.3.
Regards, Frank