The latest patch applied to the oracle rotate password routines broke support for higher encryption routines on oracle databases.

# Thick client to match functionality of cx_oracle oracledb.init_oracle_client() 

We have a requirement to disallow weak crypto on our databases. When this is set the native oracle libaraies in python are unable to connect to the database. You mush initialize the oracle libraries and use the native oracle oci libraries that are 19.12 or newer. I'm not sure if/how this interacts with the ssl connections to the database as we don't use those.

You should be able to cause this same issue by setting the following in your sqlnet.ora on the server side.

SQLNET.ALLOW_WEAK_CRYPTO_CLIENTS=FALSE SQLNET.CRYPTO_CHECKSUM_SERVER=required SQLNET.ENCRYPTION_SERVER=required SQLNET.ALLOWED_LOGON_VERSION_SERVER=12a