最近的强化标准使我们禁用了 TLS 1.0 和 1.1。
TLS 1.0 和 1.1 的注册表设置:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
现在下面的代码:
from sqlalchemy import create_engine
db = create_engine(
"mssql+pyodbc://__OUR_SERVER_NAME__/__OUR_DATABSE_NAME__?driver=SQL+Server+Native+Client+11.0&Trusted_Connection=yes&Encrypt=yes&TrustServerCertificate=Yes&ssl=True",
connect_args={
# 'sslmode': 'require', # did not work
# 'tls-version': 'tls1.2', # did not work
# 'ssl': True, # did not work
},
echo=True,
)
with db.begin() as conn:
conn.execute("SELECT TOP 5 * FROM sys.tables")
将在 db.begin()
上抛出此异常:Exception has occurred: OperationalError (pyodbc.OperationalError) ('08001', '[08001] [Microsoft][SQL Server Native Client 11.0]Encryption not supported on the client. (21) (SQLDriverConnect); [08001] [Microsoft][SQL Server Native Client 11.0]SSL Provider: The client and server cannot communicate, because they do not possess a common algorithm.\r\n (-2146893007); [08001] [Microsoft][SQL Server Native Client 11.0]Client unable to establish connection (21); [08001] [Microsoft][SQL Server Native Client 11.0]Invalid connection string attribute (0); [08001] [Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online. (-2146893007)')
TLS 1.2 已启用,并且可以与同一客户端服务器上的 Azure Data Studio 一起正常工作。
甚至 python 显示 openssl 版本是合理的:
import ssl
print(f'SSL Version = {ssl.OPENSSL_VERSION}')
输出:SSL Version = OpenSSL 1.1.1d 10 Sep 2019
python 版本:python --version
Python 3.7.6
我试过查看 SSLContext
但似乎找不到如何使它与 一起工作SqlAlchemy .任何帮助将不胜感激!!!
可能重复的问题(信息较少):Connecting to SQL Server using pyodc with TLS 1.2
最佳答案
进一步调查显示 ODBC 驱动程序存在问题。
该应用程序位于 Windows Server 2012 上,带有 ODBC 版本:
SQL Server Native Client 11.0
Version:
2011.110.3000.00
Date: 10/20/2012
更新驱动到
ODBC Driver 17 for SQL Server
使用新的连接字符串:from sqlalchemy import create_engine
db = create_engine(
"mssql+pyodbc://__OUR_SERVER_NAME__/__OUR_DATABSE_NAME__?driver=ODBC+Driver+17+for+SQL+Server&Trusted_Connection=yes&Encrypt=yes&TrustServerCertificate=Yes&ssl=True",
connect_args={
# 'sslmode': 'require', # did not work
# 'tls-version': 'tls1.2', # did not work
# 'ssl': True, # did not work
},
echo=True,
)
关于python - [SqlAlchemy][mssql][tls1.2] 如何使用 Windows 中的 pyodbc 为连接到 MS SQL Server 的 SqlAlchemy 强制实现 TLS 1.2?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65170526/