I'm working on establishing a connection to a database server without encryption, as TLS isn't supported by the database system. Currently, I'm using isql to validate the connection:
isql -v -k "Driver={Driver SQL Server};Server=mysql-server;Database=DATABASE;UID=user;PWD=pwd;"
However, I encountered an issue with error code 0x2746, indicating the absence of TLS support. After researching online, it seems that reducing the SECLEVEL to 0 in /etc/ssl/openssl.cnf resolves the problem:
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=0
After rebooting, the connection works fine. But setting the SECLEVEL to 0 system-wide isn't ideal for obvious reasons. Instead, I'd prefer a per-connection configuration. So, I attempted the following:
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=2
[mysql-server]
CipherString = DEFAULT@SECLEVEL=0
However, this produces the same error as mentioned at the beginning of this post. Any insights or suggestions on achieving per-connection configuration without compromising system security would be greatly appreciated.
Thanks!
You can create a copy of the system OpenSSL config file and make your changes to the SECLEVEL in the copy.
When running your application that needs to use the amended config file set the
OPENSSL_CONFenvironment variable to point at your new config file.e.g.