So I guess that means there is either a bug in LibreSSL (oh no), or in s6-networking's LibreSSL code?
Probably the latter; given your trace, it seems to be the tunnel codenot handling it correctly when it receives a EOF just after the handshake.
I don't have time to debug it right now, but I will take a look this week-end at worst. -- Laurent