psycopg2.OperationalError: FATAL: unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0

Question

I\'m using Macbook

Psycopg2 works well when connecting the localhost db (PostgreSQL on Mac). The error was raised when I tried to connect PostgreSQL db on a Windows1

Answer 1

Using PostgresSQL 13.0 I had the same problem, displaying the error messages:

 unsupported frontend protocol 255.255: server supports 2.0
 unsupported frontend protocol 0.0: server supports 2.0 to

according to this site it postgresql.org deals with the SSL / GSS Protocol Negotiation Problem. Which should already be resolved in Postgres version 12.0

I was able to solve it following the guidelines contained in these sites: highgo.ca

In the postgres terminal, I executed the command below setting the environment variable gssencmode = disable and the problem was solved:

  psql -h localhost -U postgres -d "dbname=belez gssencmode=disable";

Answer 2

Adding ?gssencmode=disable to the connection string worked for me:

import pyodbc
from sqlalchemy import create_engine

engine = create_engine(f'postgresql://{user}:{password}@localhost:5432/database_name?gssencmode=disable')

Answer 3

Getting a similar error working with Laravel and Postgres. Solved it by putting this in my .env file: PGGSSENCMODE=disable

Answer 4

In order to have a SSL connection working and using certificates, you can disable GSS connection mode to avoid the client to attempt to connect with GSS and directly try a SSL connection (Postgres version 12 < 12.3, I had no such issues with a test on version 11).

Below an example with the verify-ca option, providing filenames for certificates and key (example names from GCP Cloud SQL, running Postgres 12.1 when posted).

   from sqlalchemy import create_engine

   db_user = 'user'
   db_pwd = 'secret'
   db_host = 'hostname'
   db_port = '5432'
   db_name = 'test'

   cnn = f'postgresql://{db_user}:{db_pwd}@{db_host}:{db_port}/{db_name}'
   ssl_args = {
       'gssencmode': 'disable',
       'sslmode': 'verify-ca',
       'sslrootcert': 'server-ca.pem',
       'sslcert': 'client-cert.pem',
       'sslkey': 'client-key.pem',
   }
   
   engine = create_engine(cnn, connect_args=ssl_args)

This engine can then be used with pandas for example:

   df.to_sql('my_table', con=engine)

Answer 5

1234.5679 is the special code sent by the client to request SSL-encrypted database connections, and support for that has been in PostgreSQL since commit e0e7daef6da in 1999. But your PostgreSQL cannot be that old, because support for protocol version 3.0 was not added before 2003.

Actually, from studying src/backend/postmaster/postmaster.c and reading the mailing list, this is a bug on the PostgreSQL server:

The client must be configured to try GSS authentication, and when the server rejects, it wants to negotiate an SSL connections, but the server doesn't expect that at this point; hence the error.

See the discussion here. The bug has been fixed with release 12.3.

As a workaround, disable either GSS authentication or SSL negotiation on the client.

In psycopg2, disabling SSL is done by using sslmode="disable" in the connection string, and disabling GSS is done with gssencmode="disable". See the documentation for details.