I use SQL Server on Azure and I make a bulk insert with Python but I constantly get error. How can I solve the problem?
Error : TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host
Best,
Thanks
As per the Microsoft official document, this error message returned when the secure TLS handshake is negotiated between the client and the server by using TLS_DHE cipher suite.
To fix this issue, make sure that both the client and server involved in a connection are running Windows that have the leading zero fixes for TLS_DHE installed. It's recommended to install the updates since they enhance the conformance to TLS_DHE specifications.
If you can't update the windows, a workaround is available here.
Related
I've been trying to connect to a MySQL database remotely but I keep getting the error:
2055: Lost connection to MySQL server at 'local.mysql.database.azure.com:3306', system error: 1 [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1045)
Using the exact same connection details I am able to connect to the database through MySQL Workbench and through Node. For some reason the connection won't go through in python.
This user's as not created to require SSL.
I've been trying to figure out the problem but I'm drawing blanks.
Below is my python login block.
config = {
'host':'local.mysql.database.azure.com',
'user':'user#local',
'password':'password',
'database':'random_db'
}
I've been able to connect to a MySQL instance on the Google Cloud Platform with the exact same connection block but it doesn't work for the Azure connection. I've looked for differences between the two platforms which could have caused this and the only thing I could find was that the Azure MySQL version was 5.7.32log while the GCP was 8.0.18.
I am also currently running python 3.7.0, not sure if that changes anything.
Is there another module I could use if that is the problem, or do I need to downgrade something? I have no idea.
According to this 5.7.29 is the latest 5.7 supported so 5.7.32 would give wrong version error.
according to pytds connect documentation we have a way to provide here path to cafile to enable TLS when connecting to Microsoft SQL server. good.
I am not python specialist, what are the other ways to enable TLS using other python database drivers ?
pyodbc, (would it be located on the odbc driver config level) ?
adodbapi...
on windows the certificates are automatically found in repository, it's not the case on unix
the answers provided here are not complete enough concerning TLS in the connection string
(the finality is to use Robotframework-Database-Library to connect to MSSQL enabling only TLS v1.2 connection)
thanks
I'm using the Neomodel lib and I can't find anything in the documentation to properly close the connection to the DB. Have I missed something or is there a way to access the underlying connection and close that?
When existing the python program an open connection will generate following errors:
Failed to write data to connection Address(host='localhost', port=7687) (Address(host='127.0.0.1', port=7687)); ("0; 'Underlying socket connection gone (_ssl.c:2263)'")
Failed to write data to connection Address(host='localhost', port=7687) (Address(host='127.0.0.1', port=7687)); ("0; 'Underlying socket connection gone (_ssl.c:2263)'")
Update: Found bug registered regarding this issue Underlying socket connection gone? #474
I have been using Neo4j with Docker and the latest version (3.5.11) and had the same issue. Downgrading to the 3.4.15 Docker image fixed this issue and a couple of other issues (broken pipe) for me, so seems like this is related to the Neo4j version in use?
I am trying to connect to DB2 using python module ibm_db with SSL and I get the following error
conn = ibm_db.connect("DATABASE=myDB;HOSTNAME=xx.xx.xxx.xxx;PORT=nnn;PROTOCOL=TCPIP;SECURITY=SSL;SSLServerCertificate=./myFile.arm;UID=<username>;PWD=<password>;","","")
stmt = ibm_db.exec_immediate(conn, "delete from myschema.mytable")
I get the following exception
Exception: [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "SSL". Communication API being used: "SOCKETS". Location where the error was detected: "". Communication function detecting the error: "sqlccSSLSocketSetup". Protocol specific error code(s): "414", "*", "*". SQLSTATE=08001 SQLCODE=-30081
I have spent several hours trying to debug. Can't make any progress here
Any help will be appreciated.
Tinniam,
How is your gskit keystore (i.e. .kdb) and stash file (i.e. .sth file - file storing encrypted password for the keystore) created?
Was it creating locally with the same version on the client machine or was it created by someone on other machine that has a different version of gskit?
There is a known gskit incompatibility issue ( http://www-01.ibm.com/support/docview.wss?uid=swg22014693). A stash file generated with version GSKit 8.0.50.69 and newer versions cannot be read by lower version and it will return exactly gskit 414 error.
Check the gskit on where your keystore and stash file are created and the version that the client is using. There is a gsk8ver_64 tool in sqllib/gskit/bin to tell you the version.
If indeed, you have hit the incompatibility issue, you need to either upgrade your client to use the version of Db2 that has gskit on the newer boundary release OR: find an older version of Db2 server such as 10.5 fp9 and generate a new keystore and stash file with the lower version of gskit.
NOTE: newer version of gskit can read stash created by lower version. But stash file created by 8.0.50.69 and newer versions is not readable by gskit version that is lower than 8.0.50.69 release.
Hope this help solve your issue.
Kevin See
Db2 Hybrid Cloud Security Team
I had the same issue today while opening an SSL connection from a Db2 Client to a Db2 server.
SQL30081N with error code 414. Db2 docs pointed to this https://www.ibm.com/support/knowledgecenter/en/SSVJJU_6.3.0/com.ibm.IBMDS.doc/progref506.htm and the hint was
414 – Incorrectly formatted certificate received from partner.
We figured out sometime later, we have just imported the public key of our server into the client trust keyring. Correct is to import only the public keys of the root server and the intermediate server into the client trust store. You do not need to import the server public key (signed by the intermediate server) into the client trust store.
I hope, the original poster has already found a solution and I just wanted to leave here my solution for the next person with the same issue.
I would recommend to investigate how the SSL / TLS communication is configured, how the certificate is managed.
The SSL-specific error is documented as GSKit issue related to certificates. You probably have checked the recommendations for the error SQL30081N. The error SQL30081N even has protocol-specific details for the error codes.
I have a NodeJS-socketIO server that has clients listening from JS, PHP & Python. It works like a charm when the communication happens over plain HTTP/WS channel.
Now, when i try to secure this communication, the websocket transport is not working anymore. It falls back to xhr-polling(long polling) transport. Xhr-polling still works for JS client but not on python which purely depends on socket transport.
Things i tried:
On node, Using https(with commercial certificates) instead of http - Works good for serving pages via Node but not for socketIO
Proxy via HAProxy (1.15-dev19). From HTTPS(HAProxy) to HTTP(Node). Couldn't get Websocket transport working and it falls back to xhr-polling on JS. Python gets 502 on handshake.
Proxy via STunnel (for HTTPS) -> HAProxy(Websocket Proxy) -> Node(SocketIO) - This doesnt work either. Python client still gets 502 on handshake.
Proxy via Stunnel(HTTPS) -> Node(SocketIO) - This doesnt work too. Not sure if STunnel support websocket proxy
node-http-proxy : Throws 500(An error has occurred: {"code":"ECONNRESET"}) on websocket and falls back to xhr-polling
Im sure its a common use case and there is a solution exist. Would really appreciate any help.
Thanks in advance!
My case seems to be a rare one. I built this whole environment on a EC2 instance based on Amazon Linux. As almost all the yum packages are not up to date, i had to install pretty much every yum packages from source. By doing so i could have missed configuration unchanged/added. Or HAProxy required lib could have been not the latest.
In any case, i tried building the environment again on ubuntu 12.04 based EC2 instance. HAProxy worked like a charm with a bit of configuration tweaks. I can now connect my SocketIO server from JS, Python & PHP over SSL without any problem. I could also create a Secured TCP Amazon ELB that listens on 443 and proxy it to non-standard port (8xxx).
Let me know if anyone else encounters a similar problem, I will be happy to help!