Strawberry Perl and TLS 1.2 connection error with DBD::mysql - tls1.2

My company currently relies on ActivePerl for Windows implementations, but is trying out Strawberry Perl. The only real problem we have hit is accessing MySQL when TLS 1.2 is required. We get the error "Can't connect to DB: TLS version used does not meet minimal requirements for this server. Please use a higher TLS version and retry".
The database I am trying to connect to is an Azure MySQL database that has a minimum of TLS 1.2 set.
Here is the test app I'm using as my test case:
#!/usr/bin/perl
use DBI;
my $ssl = 1; ## 1 = on, 0 = off
my $driver='mysql';
my $database = 'testdatabase';
my $hostname = '<host>';
my $port = '3306';
my $dbuid = '<user>';
my $dbpwd = '<password>';
#DBI->trace(15);
if ($ssl == 1) {
    $dbh = DBI->connect("DBI:$driver:$database;host=$hostname;port=$port","$dbuid","$dbpwd", {RaiseError => 0, mysql_ssl => 1, mysql_ssl_optional => 1}) or die ("Can't connect to DB: $DBI::errstr");
}
elsif ($ssl == 0) {
    $dbh = DBI->connect("DBI:$driver:$database:$hostname","$dbuid","$dbpwd", {RaiseError => 0}) or die ("Can't connect to DB: $DBI::errstr");
}
print qq~
Connection Successful!
~;
I've confirmed that if I set up the Azure MySQL instance to allow TLS 1.0 or TLS 1.1, the test program connects successfully, just not when TLS 1.2 is required (which is a regulatory requirement in this case).
I've tried Windows 2016 and 2019 to no avail and I'm using the latest version of Strawberry available. I can connect to another database with SSL disabled, so I know DBD::mysql is there and usable.
I have tried to specifically enable TLS 1.2 in the registry. My understanding is that is not necessary anymore for later versions of Windows, and that did not resolve the issue.
I'm at a loss and not sure how to get this working.

Related

Neo4j Server certificate is not trusted

I have just set up my Neo4j server on a VM on Google Cloud, I'm using Enterprise version 4.1.1, and I've finished following the great post (here) by David Allen about how to get a certificate with LetsEncrypt.
This has all worked perfectly and I now have a fully secure Neo4j server that I can access through the browser (MYDOMAIN.COM:7473/browser) using my hostname. However, I am now having issues getting my application to connect to the server using the javascript driver.
I keep getting the following error:
Failed to connect to server. Please ensure that your database is
listening on the correct host and port and that you have compatible
encryption settings both on Neo4j server and driver. Note that the
default encryption setting has changed in Neo4j 4.0. Caused by: Server
certificate is not trusted. If you trust the database you are
connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add the
signing certificate, or the server certificate, to the list of
certificates trusted by this driver using neo4j.driver(.., {
trustedCertificates:['path/to/certificate.crt']}). This is a security
measure to protect against man-in-the-middle attacks. If you are just
trying Neo4j out and are not concerned about encryption, simply
disable it using encrypted="ENCRYPTION_OFF" in the driver options.
Socket responded with: ERR_TLS_CERT_ALTNAME_INVALID
I have read through the driver documentation (here) and I have added both the trust: "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" and trustedCertificates:[] settings. I downloaded all of the certificates from my server (cert.pem, chain.pem, fullchain.pem and privacy.pem) and linked to them in the trustedCertificates setting.
Unfortunately I'm still getting the same error. For reference, this is how my driver is currently configured:
// This module can be used to serve the GraphQL endpoint
// as a lambda function
const { ApolloServer } = require('apollo-server-lambda')
const { makeAugmentedSchema } = require('neo4j-graphql-js')
const neo4j = require('neo4j-driver')
// This module is copied during the build step
// Be sure to run `npm run build`
const { typeDefs } = require('./graphql-schema')
const driver = neo4j.driver(
  process.env.NEO4J_URI,
  neo4j.auth.basic(
    process.env.NEO4J_USER,
    process.env.NEO4J_PASSWORD
  ),
  {
    encrypted: process.env.NEO4J_ENCRYPTED ? 'ENCRYPTION_ON' : 'ENCRYPTION_OFF',
    trust: "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES",
    trustedCertificates: ['../../certificates/cert.pem', '../../certificates/chain.pem', '../../certificates/fullchain.pem', '../../certificates/privkey.pem'],
    logging: {
      level: 'debug',
      logger: (level, message) => console.log(level + ' ' + message)
    },
  }
)
const server = new ApolloServer({
  schema: makeAugmentedSchema({ typeDefs }),
  context: { driver, neo4jDatabase: process.env.NEO4J_DATABASE },
  introspection: true,
  playground: true,
})
exports.handler = server.createHandler()
I'm using the latest build of the driver, v2.14.4 and have enabled full logging but I'm not getting any more information than the above. I just can't figure out what I'm doing wrong - does anyone have any ideas?
I found a solution to this problem - I had a look at the documentation (here) and found that I needed to update my NEO4J_URI from bolt://SO.ME.IP.ADDRESS:7687 to neo4j://MYDOMAIN.COM:7687. Now that I've done this, all is working as expected.

Establishing MS Access connection with UnixODBC and FreeTDS on Mac

I've been trying to establish a connection to an MS Access database I have on my local hard drive using FreeTDS and UnixODBC. My ultimate goal is to open the connection in R via RODBC and implement some SQL scripts developed for this specific database to extract data. I've followed advice from this page (How do I install RODBC on Mac OS X Yosemite with unixodbc and freetds?), but am still having trouble.
When I implement isql in terminal I get the following error message.
[S1000][unixODBC][FreeTDS][SQL Server]Unable to connect to data source
[01000][unixODBC][FreeTDS][SQL Server]Unknown host machine name.
[ISQL]ERROR: Could not SQLConnect
I'm assuming my error is in how I've identified the host in my various setup files, which are as follows.
freetds.conf
[global]
; tds version = 8.0
; dump file = /tmp/freetds.log
; debug flags = 0xffff
; timeout = 10
; connect timeout = 10
text size = 64512
[my_db]
# insert the actual host below
host = My_computer_name.local
port = 1433
tds version = 8.0
odbc.ini
[my_db]
Driver = MSSQL
Servername = My_computer_name.local
Port = 1433
Database = /filepath_to_db/my_db.mdb
TDS_Version = 8.0
odbcinst.ini
[MSSQL]
Description = Microsoft SQL Server driver
Driver = /usr/local/Cellar/freetds/1.00.39/lib/libtdsodbc.so
Setup = /usr/local/Cellar/freetds/1.00.39/lib/libtdsodbc.so
FreeTDS is for connecting to Microsoft SQL Server and Sybase databases. It is not designed to work with Microsoft Access databases.

Symfony 2.8.4 + BeSimpleSsoBundle + Jasig CAS Error

I have a problem with my application.
I use Symfony 2.8.4 and in the vendors list I have besimple/sso-auth-bundle, in the latest version.
I have an application on an old CentOS server with PHP 5.3.3 which works, but with Symfony 2.5; I have to upgrade Symfony.
On the dev platform (Windows 10 + WAMP 2.4) my application works: besimple can authenticate on my CAS server, no problem. But on my new server, CentOS 7, PHP 5.4.16, it doesn't work; I get this exception:
Cannot communicate securely with peer: no common encryption algorithm(s).
500 Internal Server Error - RequestException
Stack Trace
in vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php at line 31 -
$errorMsg = curl_error($this->lastCurl);
$errorNo = curl_errno($this->lastCurl);
$e = new RequestException($errorMsg, $errorNo);
$e->setRequest($request);
throw $e;
I have another application, GLPI, on this server which uses curl too, and it works.
I don't know what to do, and my application is due to go into production.
I tried to change the curl options with CIPHER_LIST like this:
curl_setopt($this->lastCurl , CURLOPT_SSL_CIPHER_LIST, 'ecdhe_rsa_aes_128_gcm_sha_256');
but I got this error:
Cannot connect: SSL is disabled.
500 Internal Server Error - RequestException
Stack Trace
in vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php at line 31 -
$errorMsg = curl_error($this->lastCurl);
$errorNo = curl_errno($this->lastCurl);
$e = new RequestException($errorMsg, $errorNo);
$e->setRequest($request);
throw $e;
Can you help me?
PS: I'm trying to put the application on another server, with Debian, to see if the problem comes from my distribution.
I'm answering my own question.
I was requesting the CAS server through an old pfSense reverse proxy. I updated pfSense to the latest version (2.3.2) and all is OK now.
Don't forget to use this config for BeSimpleSso:
be_simple.sso_auth.client.option.curlopt_ssl_version.value: 1
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false

pyodbc.connect to FreeTDS connection requires explicit PORT=1433;

I have a Python script running on Python 2.7 in CentOS 2.6 that connects to a SQL Server database:
pyodbc.connect("DRIVER=FreeTDS;SERVER=someServer;DATABASE=someDb;UID=myUser;PWD=superSecret;CHARSET=UTF8;TDS_Version=7.2")
That call will fail with the following: pyodbc.Error: ('08001', '[08001] [unixODBC][FreeTDS][SQL Server]Unable to connect to data source (0) (SQLDriverConnect)')
The freetds trace will say login.c:436:invalid port number
Adding PORT=1433; will cause the connection to succeed even though that is the default port number, and I added the following to my freetds.conf:
[global]
# TDS protocol version
tds version = 7.0
port = 1433
How do I make FreeTDS try port 1433 as the default port so I don't have to set it in the query string?
Instead of this, as you noted:
pyodbc.connect("DRIVER=FreeTDS;SERVER=someServer;DATABASE=someDb;UID=myUser;PWD=superSecret;CHARSET=UTF8;TDS_Version=7.2")
...you could put these values in your connection string, like this:
pyodbc.connect("DRIVER={FreeTDS};SERVER=someServer;PORT=1433;DATABASE=someDb;UID=myUser;PWD=superSecret;TDS_Version=7.2;CHARSET=UTF8")
For your freetds.conf configuration:
[global]
client charset = UTF-8
tds version = 7.2
[someServer]
host = someServer
port = 1433
tds version = 7.2
Both ways have always worked for me.
On a side note, I've started using this driver, made by Microsoft specifically for RedHat and CentOS (although I don't know if it will work on a version as old as yours):
https://msdn.microsoft.com/en-us/library/hh568451%28v=sql.110%29.aspx
Best of luck!

Ubuntu Shiny server connecting to Jet/ACE databases

Can it be done: Reading data stored in an MS Access (.accdb) database, from within Shiny apps running on Ubuntu Shiny server?
We have no knowledge of SQL Server Express. We have our data organized in simple MS Access databases, and want to deploy our Shiny apps (which visualize this data) on an Ubuntu Shiny server.
It all works on our local Windows machines, but how to make it also work with an Ubuntu Shiny server?
I understand that with our minimal knowledge of database systems, it is not straightforward to go porting our databases to SQL Server Express.
Thanks in advance for your expertise!
I had a bit of a job setting this up myself. I had to take info from several sources to get all the required packages – the following is a list of good info sources:
http://guywyant.info/log/206/connecting-to-ms-sql-server-from-ubuntu/
http://driftharmony.wordpress.com/2008/08/15/connecting-ubuntu-804-to-microsoft-sql-server/
https://code.google.com/p/django-pyodbc/wiki/FreeTDS
FreeTDS working, but ODBC cannot connect
The 3 files were ultimately configured thus:
Detail of file: /etc/odbc.ini
[NameThis]
Driver = FreeTDS
TDS_Version=8.0
Servername = YourServer
Port = 1433
Database = testing
Trace = No
Detail of file: /etc/odbcinst.ini
[FreeTDS]
Description = FreeTDS
Driver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so
Detail of file: /etc/freetds/freetds.conf
# $Id: freetds.conf,v 1.12 2007/12/25 06:02:36 jklowden Exp $
# This file is installed by FreeTDS if no file by the same name is found in the installation directory.
# For information about the layout of this file and its settings, see the freetds.conf manpage "man freetds.conf".
# Global settings are overridden by those in a database server specific section
[global]
# TDS protocol version
; tds version = 4.2
# Whether to write a TDSDUMP file for diagnostic purposes
# (setting this to /tmp is insecure on a multi-user system)
; dump file = /tmp/freetds.log
; debug flags = 0xffff
# Command and connection timeouts
; timeout = 10
; connect timeout = 10
# If you get out-of-memory errors, it may mean that your client
# is trying to allocate a huge buffer for a TEXT field. Try setting 'text size' to a more reasonable limit
text size = 64512
# Test Kx
[NameThis]
host = YOUR IP
port = 1433
tds version = 7.2
