26 Mar 2026 22:34:24 HERCEK, Marián via stunnel-users <stunnel-users@lists.stunnel.org>:
Hello.
Does anybody have a working setup with Oracle (SQLPlus)?
Mine ends up with "Connection reset by peer".
Server:
pid = /var/run/stunnel-oracle.pid
cert = /etc/stunnel/stunnel.pem
debug = 7
output = /var/log/stunnel/stunnel.log
client = no
[oracle]
accept = 1.2.3.4:11521
connect = 127.0.0.1:1521
stunnel -version
Initializing inetd mode configuration
stunnel 5.71 on x86_64-redhat-linux-gnu platform
Compiled/running with OpenSSL 1.1.1k FIPS 25 Mar 2021
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI
Global options:
fips = no
RNDbytes = 1024
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = PROFILE=SYSTEM (with "fips = yes")
ciphers = PROFILE=SYSTEM (with "fips = no")
ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
curves = P-256:P-521:P-384 (with "fips = yes")
curves = X25519:P-256:X448:P-521:P-384 (with "fips = no")
debug = daemon.notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
securityLevel = 2
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
TIMEOUTocsp = 5 seconds
verify = none
Client:
debug = 7
output = stunnel.log
client = yes
[oracle]
accept = 127.0.0.1:50102
connect = 1.2.3.4:11521
verifyChain = no
stunnel 5.77 on x64-pc-mingw32-gnu platform
Compiled/running with OpenSSL 3.5.5 27 Jan 2026
Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
Global options:
fips = no
RNDbytes = 1024
RNDoverwrite = yes
taskbar = yes
Service-level options:
ciphers = FIPS:!DH:!kDHEPSK (with "fips = yes")
ciphers = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK (with "fips = no")
ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
curves = P-256:P-521:P-384 (with "fips = yes")
curves = X25519MLKEM768:X25519:P-256:X448:P-521:P-384 (with "fips = no")
debug = notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
securityLevel = 2
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 131072 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
TIMEOUTocsp = 5 seconds
verify = none
Debug logs from server (client logs are similar):
2026.03.26 12:54:18 LOG7[main]: Found 1 ready file descriptor(s)
2026.03.26 12:54:18 LOG7[main]: FD=4 events=0x2001 revents=0x0
2026.03.26 12:54:18 LOG7[main]: FD=9 events=0x2001 revents=0x1
2026.03.26 12:54:18 LOG7[main]: Service [oracle] accepted (FD=3) from 4.5.6.7:54017
2026.03.26 12:54:18 LOG7[3]: Service [oracle] started
2026.03.26 12:54:18 LOG7[3]: Setting local socket options (FD=3)
2026.03.26 12:54:18 LOG7[3]: Option TCP_NODELAY set on local socket
2026.03.26 12:54:18 LOG5[3]: Service [oracle] accepted connection from 4.5.6.7:54017
2026.03.26 12:54:18 LOG6[3]: Peer certificate not required
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): before SSL initialization
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): before SSL initialization
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Decrypt session ticket callback
2026.03.26 12:54:18 LOG6[3]: Decrypted ticket for an authenticated session: yes
2026.03.26 12:54:18 LOG7[3]: SNI: no virtual services defined
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS read client hello
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write server hello
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write change cipher spec
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Decrypt session ticket callback
2026.03.26 12:54:18 LOG6[3]: Decrypted ticket for an authenticated session: yes
2026.03.26 12:54:18 LOG7[3]: SNI: no virtual services defined
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS read client hello
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write server hello
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 write encrypted extensions
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write finished
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS read finished
2026.03.26 12:54:18 LOG7[3]: 4 server accept(s) requested
2026.03.26 12:54:18 LOG7[3]: 4 server accept(s) succeeded
2026.03.26 12:54:18 LOG7[3]: 0 server renegotiation(s) requested
2026.03.26 12:54:18 LOG7[3]: 2 session reuse(s)
2026.03.26 12:54:18 LOG7[3]: 3 internal session cache item(s)
2026.03.26 12:54:18 LOG7[3]: 0 internal session cache fill-up(s)
2026.03.26 12:54:18 LOG7[3]: 0 internal session cache miss(es)
2026.03.26 12:54:18 LOG7[3]: 0 external session cache hit(s)
2026.03.26 12:54:18 LOG7[3]: 0 expired session(s) retrieved
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: Generate session ticket callback
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: New session callback
2026.03.26 12:54:18 LOG6[3]: No peer certificate received
2026.03.26 12:54:18 LOG6[3]: Session id: 483B0F9A7D229A299E5FE0AF18B9BC00D26CFB781A363ABC612E6C8481EE8D11
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write session ticket
2026.03.26 12:54:18 LOG6[3]: TLS accepted: previous session reused
2026.03.26 12:54:18 LOG6[3]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2026.03.26 12:54:18 LOG6[3]: Peer temporary key: X25519, 253 bits
2026.03.26 12:54:18 LOG7[3]: Compression: null, expansion: null
2026.03.26 12:54:18 LOG6[3]: Session id: 483B0F9A7D229A299E5FE0AF18B9BC00D26CFB781A363ABC612E6C8481EE8D11
2026.03.26 12:54:18 LOG6[3]: s_connect: connecting 127.0.0.1:1521
2026.03.26 12:54:18 LOG7[3]: s_connect: s_poll_wait 127.0.0.1:1521: waiting 10 seconds
2026.03.26 12:54:18 LOG7[3]: FD=6 events=0x2001 revents=0x0
2026.03.26 12:54:18 LOG7[3]: FD=11 events=0x2005 revents=0x1
2026.03.26 12:54:18 LOG5[3]: s_connect: connected 127.0.0.1:1521
2026.03.26 12:54:18 LOG6[3]: persistence: 127.0.0.1:1521 cached
2026.03.26 12:54:18 LOG5[3]: Service [oracle] connected remote server from 127.0.0.1:43694
2026.03.26 12:54:18 LOG7[3]: Setting remote socket options (FD=11)
2026.03.26 12:54:18 LOG7[3]: Option TCP_NODELAY set on remote socket
2026.03.26 12:54:18 LOG7[3]: Remote descriptor (FD=11) initialized
2026.03.26 12:54:18 LOG6[3]: TLS fd: Connection reset by peer (104)
2026.03.26 12:54:18 LOG6[3]: transfer: SSL_read: Socket is closed
2026.03.26 12:54:18 LOG6[3]: TLS socket closed (SSL_read)
2026.03.26 12:54:18 LOG7[3]: Sent socket write shutdown
2026.03.26 12:54:18 LOG5[3]: Connection closed: 190 byte(s) sent to TLS, 663 byte(s) sent to socket
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: Remote descriptor (FD=11) closed
2026.03.26 12:54:18 LOG7[3]: Local descriptor (FD=3) closed
2026.03.26 12:54:18 LOG7[3]: Service [oracle] finished (0 left)