Can stunnel proxy traffic to Autonomous DB for non-SSL clients?


I have a non-SSL Oracle client that can't be upgraded or reconfigured and needs to connect to Autonomous DB. I'm hoping stunnel can make the connection using either TLS or mTLS and proxy the unencrypted database connection for the client. This solution assumes there is nothing else different about the database protocol other than TLS, but I haven't been able to get this to work.

This is what I've tried. On a client using a normal TLS connection to Autonomous DB (via python-oracledb), I succeeded in making a standard connection. I then set up stunnel as follows.

foreground = yes
debug = info

[oracle]
accept = 127.0.0.1:1521
connect = adb.us-ashburn-1.oraclecloud.com:1521
client = yes

I edited the dsn in the Python client, changing the host to localhost and the protocol from tcps to tcp, and removing the security params.

The dsn looks like this with myservice being the service name:

(description= (retry_count=3)(retry_delay=3)(address=(protocol=tcp)(port=1521)(host=localhost))(connect_data=(service_name=[myservice])))

stunnel makes the connection, but throws an error:

TLS connected: new session negotiated
TLSv1.2 ciphersuite: AES256-GCM-SHA384 (256-bit encryption)
SSL_read: ../ssl/record/ssl3_record.c:1065: error:14191044:SSL routines:tls1_enc:internal error
Connection reset: 752 byte(s) sent to TLS, 8 byte(s) sent to socket

and here is the error from the client:

oracledb.exceptions.OperationalError: DPY-6005: cannot connect to database (CONNECTION_ID=7lYoOdKpopm9Q+p/vk/4TA==). DPY-4011: the database or network closed the connection [Errno 104] Connection reset by peer

Is there a configuration change I can make or is this even possible with stunnel?
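An added stunnel client section, not from the question, that keeps the same accept/connect pair as the posted config but switches on server certificate verification and SNI, which the posted config leaves off (stunnel in client mode does not verify the remote certificate by default). The CAfile path is an assumption for a Debian/Ubuntu CA bundle layout.

```ini
; Added example (not from the question): same listener and target as the
; posted config, with TLS server verification turned on.
foreground = yes
debug = info

[oracle]
client = yes
accept = 127.0.0.1:1521
connect = adb.us-ashburn-1.oraclecloud.com:1521

; Send the target hostname in the TLS handshake (Server Name Indication).
sni = adb.us-ashburn-1.oraclecloud.com

; Verify the server's certificate chain against the system CA bundle and
; check that the certificate actually names the host being connected to.
; CAfile path is an assumption for a Debian/Ubuntu layout; adjust as needed.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = adb.us-ashburn-1.oraclecloud.com
```

With verification on, a certificate problem appears in the stunnel log as an explicit verification error, which is easier to tell apart from a protocol-level reset like the one above.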
