'unsupported protocol' error when using PyMySQL

Hi, I'm having a similar issue. Mariadb server with ssl connection, I'm trying to connect a software called Superset with PyMySQL driver. Error message looks identical:

WARNING:superset.views.core:Connection failed (pymysql.err.OperationalError) (2003, "Can't connect to MySQL server on '<IP_ADDRESS>' ([SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108))")
(Background on this error at: http://sqlalche.me/e/13/e3q8)

Client running on Ubuntu 20.04

Hello Leon, Tiago, can you describe how to reproduce this problem from a bare Ubuntu installation?

Thanks

Hi Seth,

first install the server:
sudo apt install mariadb-server

then the PyMySQL:
python3 -m pip install PyMySQL

then create a ca-cert:
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem

then run this python-test-script:
import os
import pymysql

#pymysql.connections.DEBUG = True
#pymysql._auth.DEBUG = True

host = "127.0.0.1"
port = 3306

ca = os.path.expanduser("~/ca-cert.pem")
ssl = {'ca': ca, 'check_hostname': False}

user = 'user'
passwd = 'passwd'

def test_ssl():
    con = pymysql.connect(user=user, password=passwd, host=host, port=port, ssl=ssl)
    con.close()

test_ssl()

Hi Seth,

In my case its sort of a complicated setup. We have a MariaDB running on an Ubuntu 18.04 server with SSL and ed25519. Then, I followed the instructions on the Superset documentation for manual installation (https://superset.incubator.apache.org/installation.html) and installed the software on an Ubuntu 20.04. When using the mysqldb python driver the Superset software was giving out an error and I decided to try to change to PyMySQL (since superset uses SLQAlchemy should not make a big difference). Then the error is shown when trying to connect.
I haven't tried another version of Python or Openssl.

Hi, I had the same issue but I found a solution.

I was creating a docker container based on ubuntu 20.04 and Python3.8.2. It installed openssl by default. The version from 2020-Mar-31 12:41:55 openssl-1.1.1f.tar.gz was giving me an this error: ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108). After looking for solutions, I found this link: https://cloudwafer.com/blog/installing-openssl-on-ubuntu-16-04-18-04/. In that link, you can find how to install openssl from the source. It shows you how to install the version from 2019-May-28 13:26:28 openssl-1.1.1c.tar.gz. First I built my container as originally and logged in and I followed the steps in the link. It solved my problem. The latest version from March 2020 was causing the issue.

I added the lines of code below when building the docker container to automate the steps. See:

RUN apt install build-essential checkinstall zlib1g-dev -y
WORKDIR /usr/local/src/
RUN wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz && tar -xf openssl-1.1.1c.tar.gz
WORKDIR openssl-1.1.1c
RUN ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib && make && make install
COPY ./openssl-1.1.1c.conf /etc/ld.so.conf.d/
RUN ldconfig -v && mv /usr/bin/c_rehash /usr/bin/c_rehash.backup && mv /usr/bin/openssl /usr/bin/openssl.backup
ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"

* Note that I created the openssl-1.1.1c.conf file before building the container. The file is copied from the same directory where the dockerfile is saved. Create the file with that name and paste this inside: /usr/local/ssl/lib

I hope this helps.

If you require using obsolete, deprecated, old protocols, with weak keys, and broken hash algorithms you can use these instructions to downgrade security on your systems https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464/8?u=xnox