Connecting to Oracle errors to Connection reset by peer (104)
Hello.

Does anybody have a working setup with Oracle (SQLPlus)? Mine ends up with "Connection reset by peer".

Server

pid = /var/run/stunnel-oracle.pid
cert = /etc/stunnel/stunnel.pem
debug = 7
output = /var/log/stunnel/stunnel.log
client = no

[oracle]
accept = 1.2.3.4:11521
connect = 127.0.0.1:1521

stunnel -version
Initializing inetd mode configuration
stunnel 5.71 on x86_64-redhat-linux-gnu platform
Compiled/running with OpenSSL 1.1.1k FIPS 25 Mar 2021
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI

Global options:
fips = no
RNDbytes = 1024
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = PROFILE=SYSTEM (with "fips = yes")
ciphers = PROFILE=SYSTEM (with "fips = no")
ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
curves = P-256:P-521:P-384 (with "fips = yes")
curves = X25519:P-256:X448:P-521:P-384 (with "fips = no")
debug = daemon.notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
securityLevel = 2
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
TIMEOUTocsp = 5 seconds
verify = none

Client

debug = 7
output = stunnel.log
client = yes

[oracle]
accept = 127.0.0.1:50102
connect = 1.2.3.4:11521
verifyChain = no

stunnel 5.77 on x64-pc-mingw32-gnu platform
Compiled/running with OpenSSL 3.5.5 27 Jan 2026
Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

Global options:
fips = no
RNDbytes = 1024
RNDoverwrite = yes
taskbar = yes

Service-level options:
ciphers = FIPS:!DH:!kDHEPSK (with "fips = yes")
ciphers = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK (with "fips = no")
ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
curves = P-256:P-521:P-384 (with "fips = yes")
curves = X25519MLKEM768:X25519:P-256:X448:P-521:P-384 (with "fips = no")
debug = notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
securityLevel = 2
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 131072 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
TIMEOUTocsp = 5 seconds
verify = none

Debug logs from server (client logs are similar)

2026.03.26 12:54:18 LOG7[main]: Found 1 ready file descriptor(s)
2026.03.26 12:54:18 LOG7[main]: FD=4 events=0x2001 revents=0x0
2026.03.26 12:54:18 LOG7[main]: FD=9 events=0x2001 revents=0x1
2026.03.26 12:54:18 LOG7[main]: Service [oracle] accepted (FD=3) from 4.5.6.7:54017
2026.03.26 12:54:18 LOG7[3]: Service [oracle] started
2026.03.26 12:54:18 LOG7[3]: Setting local socket options (FD=3)
2026.03.26 12:54:18 LOG7[3]: Option TCP_NODELAY set on local socket
2026.03.26 12:54:18 LOG5[3]: Service [oracle] accepted connection from 4.5.6.7:54017
2026.03.26 12:54:18 LOG6[3]: Peer certificate not required
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): before SSL initialization
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): before SSL initialization
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Decrypt session ticket callback
2026.03.26 12:54:18 LOG6[3]: Decrypted ticket for an authenticated session: yes
2026.03.26 12:54:18 LOG7[3]: SNI: no virtual services defined
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS read client hello
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write server hello
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write change cipher spec
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Decrypt session ticket callback
2026.03.26 12:54:18 LOG6[3]: Decrypted ticket for an authenticated session: yes
2026.03.26 12:54:18 LOG7[3]: SNI: no virtual services defined
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS read client hello
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write server hello
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 write encrypted extensions
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write finished
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): TLSv1.3 early data
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS read finished
2026.03.26 12:54:18 LOG7[3]: 4 server accept(s) requested
2026.03.26 12:54:18 LOG7[3]: 4 server accept(s) succeeded
2026.03.26 12:54:18 LOG7[3]: 0 server renegotiation(s) requested
2026.03.26 12:54:18 LOG7[3]: 2 session reuse(s)
2026.03.26 12:54:18 LOG7[3]: 3 internal session cache item(s)
2026.03.26 12:54:18 LOG7[3]: 0 internal session cache fill-up(s)
2026.03.26 12:54:18 LOG7[3]: 0 internal session cache miss(es)
2026.03.26 12:54:18 LOG7[3]: 0 external session cache hit(s)
2026.03.26 12:54:18 LOG7[3]: 0 expired session(s) retrieved
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: Generate session ticket callback
2026.03.26 12:54:18 LOG7[3]: Initializing application specific data for session authenticated
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: New session callback
2026.03.26 12:54:18 LOG6[3]: No peer certificate received
2026.03.26 12:54:18 LOG6[3]: Session id: 483B0F9A7D229A299E5FE0AF18B9BC00D26CFB781A363ABC612E6C8481EE8D11
2026.03.26 12:54:18 LOG7[3]: TLS state (accept): SSLv3/TLS write session ticket
2026.03.26 12:54:18 LOG6[3]: TLS accepted: previous session reused
2026.03.26 12:54:18 LOG6[3]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2026.03.26 12:54:18 LOG6[3]: Peer temporary key: X25519, 253 bits
2026.03.26 12:54:18 LOG7[3]: Compression: null, expansion: null
2026.03.26 12:54:18 LOG6[3]: Session id: 483B0F9A7D229A299E5FE0AF18B9BC00D26CFB781A363ABC612E6C8481EE8D11
2026.03.26 12:54:18 LOG6[3]: s_connect: connecting 127.0.0.1:1521
2026.03.26 12:54:18 LOG7[3]: s_connect: s_poll_wait 127.0.0.1:1521: waiting 10 seconds
2026.03.26 12:54:18 LOG7[3]: FD=6 events=0x2001 revents=0x0
2026.03.26 12:54:18 LOG7[3]: FD=11 events=0x2005 revents=0x1
2026.03.26 12:54:18 LOG5[3]: s_connect: connected 127.0.0.1:1521
2026.03.26 12:54:18 LOG6[3]: persistence: 127.0.0.1:1521 cached
2026.03.26 12:54:18 LOG5[3]: Service [oracle] connected remote server from 127.0.0.1:43694
2026.03.26 12:54:18 LOG7[3]: Setting remote socket options (FD=11)
2026.03.26 12:54:18 LOG7[3]: Option TCP_NODELAY set on remote socket
2026.03.26 12:54:18 LOG7[3]: Remote descriptor (FD=11) initialized
2026.03.26 12:54:18 LOG6[3]: TLS fd: Connection reset by peer (104)
2026.03.26 12:54:18 LOG6[3]: transfer: SSL_read: Socket is closed
2026.03.26 12:54:18 LOG6[3]: TLS socket closed (SSL_read)
2026.03.26 12:54:18 LOG7[3]: Sent socket write shutdown
2026.03.26 12:54:18 LOG5[3]: Connection closed: 190 byte(s) sent to TLS, 663 byte(s) sent to socket
2026.03.26 12:54:18 LOG7[3]: Deallocating application specific data for session connect address
2026.03.26 12:54:18 LOG7[3]: Remote descriptor (FD=11) closed
2026.03.26 12:54:18 LOG7[3]: Local descriptor (FD=3) closed
2026.03.26 12:54:18 LOG7[3]: Service [oracle] finished (0 left)

HERCEK, Marián wrote:
2026.03.26 12:54:18 LOG6[3]: TLS fd: Connection reset by peer (104)
So your peer server decided to close your TCP connection. Why did it make such a decision? It didn't say. Have you considered investigating your server logs?

Best regards,
Mike

26 Mar 2026 22:34:24 HERCEK, Marián via stunnel-users <stunnel-users@lists.stunnel.org>:
Hello.
Does anybody have a working setup with Oracle (SQLPlus)?
Mine ends up with „Connection reset by peer“.
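An added example (not part of the original thread and not stunnel code): a small Python script that summarizes a stunnel debug log per connection, showing how far each connection got (TLS handshake, backend connect) before a reset and which descriptor label stunnel logged it under. The sample lines are excerpted from the log in the post; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few lines excerpted from the server log in the post.
SAMPLE_LOG = """\
2026.03.26 12:54:18 LOG7[main]: Service [oracle] accepted (FD=3) from 4.5.6.7:54017
2026.03.26 12:54:18 LOG5[3]: Service [oracle] accepted connection from 4.5.6.7:54017
2026.03.26 12:54:18 LOG6[3]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2026.03.26 12:54:18 LOG5[3]: s_connect: connected 127.0.0.1:1521
2026.03.26 12:54:18 LOG6[3]: TLS fd: Connection reset by peer (104)
2026.03.26 12:54:18 LOG5[3]: Connection closed: 190 byte(s) sent to TLS, 663 byte(s) sent to socket
"""

# timestamp, log level, connection id (logId = sequential), message
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\w+)\]: (.*)$")
BYTES = re.compile(r"Connection \w+: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")


def summarize(log_text):
    """Return {connection id: summary} for every per-connection thread in the log."""
    conns = defaultdict(lambda: {"peer": None, "tls_ok": False, "backend_ok": False,
                                 "reset_on": None, "to_tls": None, "to_socket": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) == "main":  # skip the accept loop and non-log lines
            continue
        c, msg = conns[m.group(3)], m.group(4)
        if msg.startswith("Service [") and "accepted connection from" in msg:
            c["peer"] = msg.rsplit(" ", 1)[1]
        elif "ciphersuite:" in msg:
            c["tls_ok"] = True  # logged only after the handshake has finished
        elif msg.startswith("s_connect: connected"):
            c["backend_ok"] = True  # plain TCP connect to the "connect =" target
        elif "Connection reset by peer" in msg:
            # The text before the colon is the descriptor label stunnel logged.
            c["reset_on"] = msg.split(":", 1)[0]
        elif (b := BYTES.search(msg)):
            c["to_tls"], c["to_socket"] = int(b.group(1)), int(b.group(2))
    return dict(conns)


if __name__ == "__main__":
    for conn_id, info in summarize(SAMPLE_LOG).items():
        print(conn_id, info)
```

For the excerpt above, the summary shows the handshake and the connect to 127.0.0.1:1521 both succeeded before the reset was logged under "TLS fd", which narrows where to look next.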
participants (2)
- HERCEK, Marián
- Michał Trojnara