TLS with Python Clients

Configuring Python Clients to Use TLS with InterSystems IRIS

You can configure a Python client application to use TLS when it communicates with InterSystems IRIS® data platform. To establish a Python connection using TLS:

  1. Configure the superserver to use TLS as described in Configuring the InterSystems IRIS Superserver to Use TLS.

  2. Ensure that you have installed any relevant CA certificates for verifying the server certificate.

  3. Configure the Python client based on your version. Versions 5 and 4 both use the SSLDefs.ini file for the SSL configuration. For more information on how to configure this file, see Connecting from a Windows Client Using a Settings File.

    The following example creates a connection between a Python client application and InterSystems IRIS. The SSLDefs.ini file that supplies the SSL configurations appears below.

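     import iris

     # Arguments: host, port, namespace, username, password, timeout.
     # sslconfig names the section of SSLDefs.ini that holds the TLS settings.
     connection = iris.connect("127.0.0.1", 1972, "user", "_SYSTEM", "SYS", 10000, sslconfig="GDConfig")

     connection.close()
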

Below is an example of the SSLDefs.ini file for a Python client configuration as used in the code above:

[IRIS]
Address=127.0.0.1
Port=1972
SSLConfig=GDConfig
 
[GDConfig]
TLSMinVersion=16
TLSMaxVersion=32
KeyType=2
VerifyPeer=0
CipherList=ALL:!aNULL:!eNULL:!EXP:!SSLv2
Ciphersuites=TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Password=apasswordifany
CertFile=path/to/Cert.pem
KeyFile=path/to/Key.pem
CAfile=path/to/CACert.pem
 
[GDConfig2]
TLSMinVersion=16
TLSMaxVersion=32
KeyType=2
VerifyPeer=0
CipherList=ALL:!aNULL:!eNULL:!EXP:!SSLv2
Ciphersuites=TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Password=apasswordifany
CertFile=path/to/AnotherCert.pem
KeyFile=path/to/AnotherKey.pem
CAfile=path/to/AnotherCACert.pem

Note:

You cannot change the Python TLSv1.3 ciphers. For TLSv1.3, only Ciphersuites is used and its value must be exactly this list (order may vary):

TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

For versions earlier than TLSv1.3, only CipherList is used.
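
The following is an added example, not InterSystems code: a small auditor for the SSLDefs.ini format shown above that flags settings a reviewer would question, including the Ciphersuites rule from the note. The readings `VerifyPeer=0` = no server certificate verification and `16`/`32` = TLSv1.2/TLSv1.3 are assumptions not stated on this page (check them against the settings-file reference named in step 3), and the section names `PageValues` and `Edited` are constructed.

```python
import configparser

# TLSv1.3 suites the page says Ciphersuites must list exactly (order may vary).
REQUIRED_TLS13 = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                  "TLS_CHACHA20_POLY1305_SHA256"}
TLS12, TLS13 = 16, 32  # assumption: protocol codes 16 = TLSv1.2, 32 = TLSv1.3

def audit_ssldefs(text):
    """Return {section: [findings]} for each TLS configuration section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        if "address" in sec:  # connection definition, not a TLS configuration
            continue
        findings = []
        # Assumption: VerifyPeer=0 means the server certificate is not checked.
        if sec.get("verifypeer", "").strip() == "0":
            findings.append("VerifyPeer=0: server certificate is not verified")
        if sec.getint("tlsminversion", fallback=0) < TLS12:
            findings.append("TLSMinVersion is unset or allows protocols older than TLSv1.2")
        suites = set(filter(None, sec.get("ciphersuites", "").split(":")))
        if sec.getint("tlsmaxversion", fallback=0) >= TLS13 and suites != REQUIRED_TLS13:
            findings.append("Ciphersuites differs from the fixed TLSv1.3 list")
        if sec.get("password"):
            findings.append("private key password stored in cleartext")
        report[name] = findings
    return report

# Constructed sample: [PageValues] mirrors the page's settings, [Edited] changes them.
SAMPLE = """\
[IRIS]
Address=127.0.0.1
SSLConfig=PageValues
[PageValues]
TLSMinVersion=16
TLSMaxVersion=32
VerifyPeer=0
Ciphersuites=TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Password=apasswordifany
CAfile=path/to/CACert.pem
[Edited]
TLSMinVersion=4
TLSMaxVersion=32
VerifyPeer=1
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
"""
if __name__ == "__main__":
    print(audit_ssldefs(SAMPLE))
```

Run it against a real file by passing the file's contents to `audit_ssldefs`; an empty findings list for a section means none of these four checks fired.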