SSL routines::legacy sigalg disallowed or unsupported] (-1)

I'm trying to connect my Django app to a SQL Server instance.
In development I'm using a sqlsrv created with a Docker image and everything works just fine.

In production I have a connection issue:

  (('08001', '[08001] [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:0A00014D:SSL routines::legacy sigalg disallowed or unsupported] (-1) (SQLDriverConnect)'))

The OpenSSL version of my Docker container with Django is: OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)
The SQL Server version is: Microsoft SQL Server 2014 - 12.0.4100.1 (X64) Standard Edition (64-bit) on Windows NT 6.3

The database settings (settings.py file) are:

DATABASES = {
    'default': {
       ...
    },
    'mssql_db': {
        "ENGINE": os.environ.get("MSSQL_ENGINE", ""),
        "NAME": os.environ.get("MSSQL_DB_NAME", ""),
        "USER": os.environ.get("MSSQL_USER", ""),
        "PASSWORD": os.environ.get("MSSQL_PASSWORD", ""),
        "HOST": os.environ.get("MSSQL_HOST", ""),
        "PORT": os.environ.get("MSSQL_PORT", ""),
        'OPTIONS': {
            'driver': os.environ.get("MSSQL_OPTIONS", ""),
            'MARS_Connection': 'True',
            'SSL Mode': 'require',
        },
    }
}

I've added the following lines, but nothing changed:

'MARS_Connection': 'True',  
'SSL Mode': 'require', 

I've checked the credentials I use and they're correct, and I also can't find any strange settings on the SQL Server from Microsoft SQL Server Management Studio.

Rosmunda answered 17/10, 2023 at 13:43 Comment(3)
Seems like the version of OpenSSL installed in your Django container does not support the algorithms required for the TLS encrypted connection. If you open a terminal to the container and run /usr/bin/openssl version -a what output do you see? If you execute SELECT @@VERSION on your SQL Server what output do you see? (Please edit both sets of information into your question.) – Janitor
Thanks @Janitor, I've added this information to the question. I'll copy it below so you can read it easily: - OpenSSL version (Docker Container): OpenSSL 3.0.11 19 Sep 2023 - SQL Server version: Microsoft SQL Server 2014 - 12.0.4100.1 (X64) Standard Edition – Rosmunda
Normally openssl version -a includes a lot more information, such as the build flags used to compile it, but I think it's fair to say that OpenSSL 3 doesn't support TLS 1.0 or TLS 1.1 protocols out of the box any more. Since you're using SQL Server 2014 SP1 you're missing out on over eight years' worth of service packs and cumulative updates, some of which add TLS 1.2 support. – Janitor
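
A triage helper for the error discussed in this thread, added here as an example and not code from any of the posters: it decodes the OpenSSL error packed into the ODBC message and compares the server build from SELECT @@VERSION with a minimum build supplied by the caller. The function names and `PLACEHOLDER_MIN_BUILD` are assumptions; the placeholder is not a real Microsoft build number.

```python
import re

# Constructed inputs, copied from the question: the pyodbc error text and the
# SELECT @@VERSION output.
ODBC_ERROR = (
    "[08001] [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: "
    "[error:0A00014D:SSL routines::legacy sigalg disallowed or unsupported] "
    "(-1) (SQLDriverConnect)"
)
SERVER_VERSION = "Microsoft SQL Server 2014 - 12.0.4100.1 (X64) Standard Edition"

# Assumption: constructed placeholder, NOT a real build. Replace it with the
# first build Microsoft documents as TLS 1.2 capable for your server branch.
PLACEHOLDER_MIN_BUILD = (12, 0, 9999, 0)

# OpenSSL 3.x packs an error code as (library << 23) | reason; 20 is libssl.
ERR_LIB_OFFSET, ERR_LIB_MASK, ERR_REASON_MASK, ERR_LIB_SSL = 23, 0xFF, 0x7FFFFF, 20


def decode_odbc_tls_error(message):
    """Return SQLSTATE and the decoded OpenSSL fields, or None if absent."""
    state = re.search(r"\[([0-9A-Z]{5})\]", message)
    # OpenSSL text form: error:<hex code>:<library>:<function>:<reason>
    ossl = re.search(r"error:([0-9A-Fa-f]{8}):[^:\]]*:[^:\]]*:([^\]]*)\]", message)
    if not ossl:
        return None
    code = int(ossl.group(1), 16)
    return {
        "sqlstate": state.group(1) if state else None,
        "library": (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK,
        "reason_code": code & ERR_REASON_MASK,
        "reason": ossl.group(2).strip(),
    }


def sql_server_build(version_text):
    """Extract the four-part build number as a comparable tuple."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b", version_text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(message, version_text, min_tls12_build):
    err = decode_odbc_tls_error(message)
    build = sql_server_build(version_text)
    if not err or err["library"] != ERR_LIB_SSL:
        return "not a libssl handshake error"
    if build is not None and build < min_tls12_build:
        return "server build predates TLS 1.2 support: patch SQL Server"
    return "server build is new enough: review client and server TLS policy"
```
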
