Persistent Python DB-API Connection Issues (SSL Error) to IRIS CE Docker despite SSL disabled

Hello,

I'm trying to connect a Python backend application to an InterSystems IRIS Community Edition instance running in a Docker container on an AWS EC2 instance. I'm facing persistent connection issues and an SSL Error despite the Superserver apparently having SSL disabled. I'm hoping for some insight into what might be causing this contradictory behavior.

My Setup:

• InterSystems IRIS: Community Edition (Docker image intersystems/iris-community:2025.1)
• Deployment: AWS EC2 (Ubuntu) instance.
• Port Mapping: Host port 9091 mapped to container port 1972 (Superserver). Host port 9092 mapped to container port 52773 (Management Portal).
• Persistent Storage: Configured and confirmed working with irisowner user and appropriate permissions.
• Python Client: Using the intersystems_irispython package (version 5.1.2) as the DB-API driver.

Symptoms and Diagnostics Performed:

1. Python Connection Error:
   • My Python script attempts to connect using iris.connect().
   • The error received is: RuntimeError: <COMMUNICATION LINK ERROR> Failed to connect to server; Details: <SSL Error>.
2. telnet Test to Superserver Port:
   • From the Python backend's EC2 instance, I ran telnet YOUR_EC2_PUBLIC_IP 9091.
   • The output shows: Connected to ... followed immediately by Connection closed by foreign host.
   • This indicates the TCP connection is established, but the server immediately drops it.
3. AWS Security Group Check:
   • Inbound rules for the IRIS EC2 instance explicitly allow TCP traffic on port 9091 from 0.0.0.0/0 (for testing, will restrict later).
   • Outbound rules from the backend EC2 instance allow all traffic.
   • Conclusion: Basic network/firewall is not blocking the connection.
4. InterSystems IRIS Management Portal (Superserver SSL Configuration):
   • I accessed System Administration > Security > Superservers > Edit Superserver 1972.
   • Under "SSL/TLS support level", the "Disabled" radio button is selected. This confirms, according to the portal, that the Superserver is NOT configured for SSL.

The Contradiction:

The primary source of confusion is that both the Python client and the telnet behavior suggest the server is expecting an SSL connection (or immediately rejecting non-SSL), despite the Management Portal explicitly showing "SSL/TLS support level: Disabled" for Superserver 1972.

Actions Taken (Python Script Variations):

• Attempted iris.connect with no sslconfig parameter (default).
• Attempted iris.connect with sslconfig=False.
• Attempted iris.connect with an ssl.SSLContext object (received sslconfig must be a string or bool error, indicating this parameter expects specific types).

My Question:

Given that the Management Portal indicates SSL is disabled for the Superserver, what could be causing the persistent <SSL Error> from the Python client and the immediate Connection closed by foreign host from telnet? Are there any other hidden configurations or common pitfalls that could lead to this behavior?

Any help or insights would be greatly appreciated!