Support for passing additional SSL cipher suites for TLS connections #259

hvardhan20 · 2023-11-24T18:58:16Z

Describe your new request in detail
Currently, oracledb uses only default cipher suites provided by python's SSLContext to make TLS connections. This limits connectivity to legacy Oracle DBs that use older Cipher suites like SSL_RSA_WITH_AES_256_CBC_SHA(AWS RDS's default cipher) which is not included in python's default security context.
We need a way to pass additional SSL cipher suites for establishing TLS connections. This could be done in multiple ways(Pass SSLContext to connect(), CIPHER_SUITES env var, etc).
Give supporting information about tools and operating systems. Give relevant product version numbers
This enhancement supports DBs using older Cipher suites for TLS.

anthony-tuininga · 2023-11-25T04:51:06Z

I have pushed a patch that should implement this enhancement. If you are able to build from source you can verify that it works for you.

hvardhan20 · 2023-11-25T06:11:20Z

I have pushed a patch that should implement this enhancement. If you are able to build from source you can verify that it works for you.

Works well! Thanks for the quick turn around!

anthony-tuininga · 2023-12-19T23:14:35Z

The patch has been included in version 2.0.0 which was just released.

hvardhan20 added the enhancement New feature or request label Nov 24, 2023

anthony-tuininga added a commit that referenced this issue Nov 25, 2023

Added new parameter "ssl_context" as suggested (#259).

fdbecac

anthony-tuininga added the patch available label Nov 25, 2023

anthony-tuininga closed this as completed Dec 19, 2023

Provide feedback