Home > Net >  Connection to mysql (MariaDB) fails in python->SQLAlchemy while it succeeds in cmd
Connection to mysql (MariaDB) fails in python->SQLAlchemy while it succeeds in cmd

Time:03-23

I'm trying to connect to remote mysql (MariaDB) database with some security options within flask app using db_url. Simplified test version:

from sqlalchemy import create_engine
engine = create_engine(
    'mysql mysqlconnector://user:[email protected]:3306/mydb?' 
    'ssl_key=/path/to/key.pem' 
    '&ssl_cert=/path/to/scrt.crt'
)
connection = engine.connect()

and get error which leads to problem with SSL

sqlalchemy.exc.InterfaceError: (mysql.connector.errors.InterfaceError) 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
(Background on this error at: http://sqlalche.me/e/rvf5)

(I also tried pymysql instead of mysqlconnector)

HOWEVER (what I don't understand) when I try to connect from command line - it works.

mysql -u user -ppassword mydb -h remote.host.com --ssl-cert=/path/to/scrt.crt --ssl-key=/path/to/key.pem

Just in case:

> SHOW VARIABLES LIKE "%version%";

 ----------------------------------- ------------------------------------------ 
| Variable_name                     | Value                                    |
 ----------------------------------- ------------------------------------------ 
| in_predicate_conversion_threshold | 1000                                     |
| innodb_version                    | 10.3.34                                  |
| protocol_version                  | 10                                       |
| slave_type_conversions            |                                          |
| system_versioning_alter_history   | ERROR                                    |
| system_versioning_asof            | DEFAULT                                  |
| version                           | 10.3.34-MariaDB-0ubuntu0.20.04.1         |
| version_comment                   | Ubuntu 20.04                             |
| version_compile_machine           | x86_64                                   |
| version_compile_os                | debian-linux-gnu                         |
| version_malloc_library            | system                                   |
| version_source_revision           | a36fc80aeb3f835fad02f443d65dc608b74b92d1 |
| version_ssl_library               | YaSSL 2.4.4                              |
| wsrep_patch_version               | wsrep_25.24                              |
 ----------------------------------- ------------------------------------------

Just in case 2. Also in openssl config /etc/ssl/openssl.cnf ( server one's, not remote.host.com)

...
[system_default_sect]
MinProtocol = TLSv1.1
...

Note: I recently updated server to Ubuntu 20.04.4 LTS and python to 3.8.10 (maybe it's not relevant)

CodePudding user response:

After lots of digging - the problem ended up being outdated version of remote database. After upgrade everything works as intended.

My understanding is TLS versions that was used on database was too insecure (non existent in %version% variables). After upgrade I got in the results:

tls_version    | TLSv1.1,TLSv1.2,TLSv1.3

which is compatible with version required by openssl on client (MinProtocol = TLSv1.1)

Page link:https//www.codepudding.com/net/344749.html

Prev:Is there a fast way to convert a string of 8 ASCII decimal digits into a binary number?
Next:Why doesn't this Java HttpsServer successfully complete a TLS handshake?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding