SSL_ERROR_ZERO_RETURN is returned by OpenSSL's SSL_read() when the peer has sent a close_notify alert, indicating it has cleanly shut down its side of the TLS connection. This is not technically an error — it is the normal, expected way for a TLS connection to end. However, it becomes a problem when it occurs unexpectedly, such as when the client is in the middle of reading a response, during the TLS handshake, or immediately after connecting. In those cases, it indicates the server is prematurely closing the connection, which can be caused by misconfigured timeouts, request rejection, or resource limits on the server side.
The server finished sending its response and properly shut down the TLS connection. This is normal behavior after an HTTP/1.0 response or when the server sends 'Connection: close'. It only becomes an issue if the client did not expect the connection to end at that point.
The connection was idle too long and the server closed it cleanly. This is common with connection pools where the server's keep-alive timeout is shorter than the client's pool eviction timeout.
The server decided to reject the connection (due to rate limiting, IP blocking, or invalid request headers) and sent close_notify without sending an HTTP response body, causing the client to see an unexpected clean shutdown.
Connect to the server and observe when the close_notify is sent. If it happens immediately after the handshake, the server is rejecting the connection. If it happens after a delay, it may be a timeout.
openssl s_client -connect yourdomain.com:443 -servername yourdomain.com
After connecting, manually send an HTTP request to see if the server responds before closing. If you get a response, the connection is working normally; the closure is expected after the response.
echo -e 'GET / HTTP/1.1\r\nHost: yourdomain.com\r\nConnection: close\r\n\r\n' | openssl s_client -connect yourdomain.com:443 -servername yourdomain.com -quiet 2>/dev/null
Review the server's keep-alive timeout, max connections, and rate limiting settings. The server may be closing connections due to resource pressure.
An I/O error occurred during an SSL operation, typically indicating a network-level problem or abrupt connection termination.
An error occurred in the SSL/TLS library itself, typically indicating a protocol violation or internal processing failure.