question

ThomasWard-2051 avatar image
0 Votes"
ThomasWard-2051 asked ThomasWard-2051 answered

SQL Driver v. 17 TLS Cipher Suite Mismatch, how to define cipher suites to use in pyodbc?

Hello.

We're using the SQL Server Driver version 17 from Microsoft with pyodbc in a Python application.

We have a very old SQL Server, SQL Server 2014, on Windows Server 2012. Before you bite off my head for 'old software' and write off as that, we're trying to look for a workaround for the TLS problem.

We're connecting to this system via PyODBC on an Ubuntu 20.04 box. Default cipher suites disable older ciphers, and 'newer' ciphers aren't available on the older Windows box.

I know that, in Python, sockets can be created with 'custom' Cipher Suite definitions and such as what's available to the socket. What I need to know is if we can apply something similar to that for PyODBC and the TLS 1.2 to enable 'older' cipher strings.


Does anyone know if there's an implementation we can do in this case to 'enable' older cipher strings?

sql-server-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Cathyji-msft avatar image
0 Votes"
Cathyji-msft answered

Hi @ThomasWard-2051,

Quote from Python SQL Driver - pyodbc

PyODBC is community-supported software. Microsoft contributes to the pyODBC open-source community and is an active participant in the repository at https://github.com/mkleehammer/pyodbc/. However, this software doesn't come with Microsoft support.

To get help, file an issue in the pyODBC GitHub repository or visit other Python community resources.


If the response is helpful, please click "Accept Answer" and upvote it, as this could help other community members looking for similar queries.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ThomasWard-2051 avatar image
0 Votes"
ThomasWard-2051 answered

Alright, then let's take another stab.

To my knowledge, Microsoft develops the underlying unixodbc libraries, and the SQL Server 17 driver for it.

Is there a way at the SQL Server 17 driver level to specify the cipher strings to pass into it for TLS/SSL negotiation with older servers? If there is not, then it sounds like Microsoft has overlooked a key compatibility problem.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.