65
Ubuntu 20 has improved the security level.
The only way i could connect was allowing the tls 1 .
Edit this file:
/usr/lib/ssl/openssl.cnf
And put at the beginning of file:
openssl_conf = default_conf
And in the end of that file too:
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
It help me a lot: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
62
For anyone googling, you can use this flag in mysql cmd: --ssl-mode=DISABLED. I.E:
mysql -uuser -p'myPassw0rd!' -hmysql.company.com --ssl-mode=DISABLED
- [Django]-How to use refresh token to obtain new access token on django-oauth-toolkit?
- [Django]-How to send email via Django?
- [Django]-Startapp with manage.py to create app in another directory
14
Add this to your mysql 5.7 server config file and then restart your mysql service
[mysqld]
tls_version=TLSv1.2
Now you should be able to connect to it using tls 1.2, which is the default in Ubuntu 20.04
For the sake of completeness, in Ubuntu 20.04 actually my.cnf and mysql.cnf are actually the same file. So editing either one will work.
$ readlink -f /etc/mysql/my.cnf
/etc/mysql/mysql.cnf
- [Django]-Django upgrading to 1.9 error "AppRegistryNotReady: Apps aren't loaded yet."
- [Django]-Django.db.utils.ProgrammingError: relation already exists
- [Django]-Displaying a Table in Django from Database
9
Bump mysqlclient to v2.X, which added ssl_mode option, https://github.com/PyMySQL/mysqlclient-python/blob/main/HISTORY.rst
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'yamcha',
'USER': 'yamcha',
'PASSWORD': 'xxxxxxxxxxxxxxx',
'HOST': 'database.yourproject.com',
'PORT': '3309',
'OPTIONS': {'ssl_mode': 'DISABLED'},
}
}
- [Django]-How can I iterate over ManyToManyField?
- [Django]-Remove leading and trailing slash / in python
- [Django]-PicklingError: Can't pickle <class 'decimal.Decimal'>: it's not the same object as decimal.Decimal
8
If You are using MYSQL Workbench :
Just Disable the SSL by editing the connection.
-
Go to edit Connection in connection panel
-
Select SSL in options after parameter as given in screenshot
On connection
- Select Use SSL : NO
- Finally it would look like this.
On clients other than Mysql workbench also you can try disabling SSL
- [Django]-Python + Django page redirect
- [Django]-Django: Implementing a Form within a generic DetailView
- [Django]-What is "load url from future" in Django
1
If you still want the upgraded security features then you can consider upgrading your mysql server to 5.7.
- [Django]-Get path of virtual environment in pipenv
- [Django]-How can I call a custom Django manage.py command directly from a test driver?
- [Django]-OSError β Errno 13 Permission denied
0
I encoutered same question as well. Combine the idea from above and documents.
https://dev.mysql.com/doc/refman/5.7/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-supported-protocols
Here is my thought
- Check os system openssl version and its support ssl/tls version by
$ openssl version. Check the system settings/etc/ssl/openssl.cnfas well. - Check MySQL support TLS version by
SHOW GLOBAL VARIABLES LIKE 'tls_version'; - Check your python mysql client TLS version. For my experience I am using
mysql-connector-python. Document said since 8.0.28 would not support TLS 1.1 and below. Thatβs why I cannot connect to MySQL. https://dev.mysql.com/doc/connector-python/en/connector-python-connectargs.html
In MySQL document, it mentioned TLS version which client could use should be the union set of host os TLS version and MySQL TLS version.
For example, your host only support TLS 1.1 / 1.2 and MySQL setting si TLS 1.0. There is no compatible TLS version for client.
Hope these tips could help.
- [Django]-What is the best location to put templates in django project?
- [Django]-Django: manage.py does not print stack trace for errors
- [Django]-Django: Model Form "object has no attribute 'cleaned_data'"