diff --git a/lib/mongo/crypt/encryption_io.rb b/lib/mongo/crypt/encryption_io.rb
index 405629dcfd..2417652d46 100644
--- a/lib/mongo/crypt/encryption_io.rb
+++ b/lib/mongo/crypt/encryption_io.rb
@@ -363,10 +363,10 @@ def with_ssl_socket(endpoint, tls_options, timeout_ms: nil)
           tls_options.merge(socket_options)
         )
         yield(mongo_socket.socket)
-      rescue EOFError => e
+      rescue Error::KmsError
+        raise
+      rescue StandardError => e
         raise Error::KmsError.new("Error when connecting to KMS provider: #{e.class}: #{e.message}", network_error: true)
-      rescue => e
-        raise Error::KmsError.new("Error when connecting to KMS provider: #{e.class}: #{e.message}")
       ensure
         mongo_socket&.close
       end
diff --git a/lib/mongo/socket/ssl.rb b/lib/mongo/socket/ssl.rb
index f46b5d2ef0..d9e5d7cb52 100644
--- a/lib/mongo/socket/ssl.rb
+++ b/lib/mongo/socket/ssl.rb
@@ -312,8 +312,6 @@ def create_context(options)
             context.options = context.options | OpenSSL::SSL::OP_NO_RENEGOTIATION
           end
 
-          context.options |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
-
           if context.respond_to?(:renegotiation_cb=)
             # Disable renegotiation for older Ruby versions per the sample code at
             # https://rubydocs.org/d/ruby-2-6-0/classes/OpenSSL/SSL/SSLContext.html