python连接mysql失败_Python连接到MySQL失败，错误为“dh key too small”

在撰写本文时，使用mysql连接器python 2.1.4来自Oracle的纯python模块（您使用的是2.1.3版本的fork）支持连接字符串中未记录的连接配置kwargssl_cipher（因为它基本上会将其传递给python的ssl模块）。因此，从密码列表中去掉所有Diffie-Hellman密码，就可以解决这个问题了，这取决于mysql服务器是否支持非Diffie-Hellman密码。以下是针对MySQL 5.6.17-65.0-rel65.0-log的官方python2.7.12amd64 win32。注意：这只在处理模块的纯python版本时才起作用！。如果使用编译后的C扩展模块，它可能不接受ssl_cipher，YMMV。在import mysql.connector

import getpass

dsn = {

'database': 'INFORMATION_SCHEMA',

'host': 'mysqlserver',

'port': '3306',

'ssl_ca': '',

# ^^^ this sets cert_reqs = ssl.CERT_NONE

# in mysql/connector/network.py:415

# so no server cert verification is attempted

'use_pure': True

# setting ssl_cipher may only work with the pure python driver

# but this is the default anyway

}

dsn['user'] = raw_input('Enter Username: ')

dsn['password'] = getpass.getpass('Enter password: ')

try:

dbconn = mysql.connector.connect(**dsn)

# this will raise the 'Weak DH key' exception

except mysql.connector.errors.InterfaceError as e:

print e

dsn['ssl_cipher'] = 'HIGH:!DH:!aNULL'

# this is a standard openssl ciphersuite string

# where !DH and !aNULL means don't use any DH ciphers or null ciphers

# this option is officially undocumented

try:

dbconn = mysql.connector.connect(**dsn)

except mysql.connector.errors.InterfaceError:

raise

else:

assert isinstance(dbconn, mysql.connector.connection.MySQLConnection)

香肠是怎么做的

在mysql connector python 2.1.4中，模块源代码中的以下行显示了这一点的工作原理：

mysql/connector/abstracts.py: Lines 298 - 313:

^{pr2}$

然后在mysql/connector/connection.py lines 130-134：if client_flags & ClientFlag.SSL and ssl_options:

packet = self._protocol.make_auth_ssl(charset=charset,

client_flags=client_flags)

self._socket.send(packet)

self._socket.switch_to_ssl(**ssl_options)

_socket.switch_to_ssl()位于mysql/connector/network.py lines 406-421：def switch_to_ssl(self, ca, cert, key, verify_cert=False, cipher=None):

"""Switch the socket to use SSL"""

if not self.sock:

raise errors.InterfaceError(errno=2048)

try:

if verify_cert:

cert_reqs = ssl.CERT_REQUIRED

else:

cert_reqs = ssl.CERT_NONE

self.sock = ssl.wrap_socket(

self.sock, keyfile=key, certfile=cert, ca_certs=ca,

cert_reqs=cert_reqs, do_handshake_on_connect=False,

ssl_version=ssl.PROTOCOL_TLSv1, ciphers=cipher)

self.sock.do_handshake()