TLSSocket does not gracefully handle peer protocol violation during TLS teardown

Version

24.13.0

Platform

Have tried on these:
> Linux [hostname] 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun  5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
> Linux [hostname] 6.12.64-87.122.amzn2023.aarch64 #1 SMP Mon Jan 12 22:17:48 UTC 2026 aarch64 aarch64 aarch64 GNU/Linux

Subsystem

tls

What steps will reproduce the bug?

This is reproducible against mail.smtp2go.com on port 465.

Save the following as test.js and run with node test.js. After socket.end() is called, the process terminates due to an unhandled 'error' event emitted by TLSSocket during TLS teardown.

const tls = require('tls');

const socket = tls.connect(465, 'mail.smtp2go.com', () => {
  console.log('TLS connected');

  socket.on('data', d => console.log('DATA:', d.toString()));
  socket.on('end', () => console.log('end'));
  socket.on('finish', () => console.log('finish'));

  setTimeout(() => {
    socket.end();
    console.log('socket.end() called');
  }, 3000);
});

setInterval(() => console.log('alive'), 1000);

How often does it reproduce? Is there a required condition?

Every time, when the peer sends invalid (non‑TLS) after (or during?) TLS teardown.

What is the expected behavior? Why is that the expected behavior?

After tls.connect() completes and socket.end() is called, I expected the process to continue running. Instead, the process exited with an "Unhandled 'error' event".

I am not certain whether this behavior is intentional, especially in light of the recent Node 24.13.0 security release, or an edge case in the TLS socket lifecycle.

What do you see instead?

$ node test.js
TLS connected
DATA: 220 mail.smtp2go.com ESMTP Exim 4.99.1-S2G Sat, 07 Feb 2026 05:41:32 +0000

alive
alive
alive
socket.end() called
finish
node:events:486
      throw er; // Unhandled 'error' event
      ^

Error: C0686C2E10700000:error:0A0001BB:SSL routines:tls13_validate_record_header:bad record type:../deps/openssl/