Intro
In my previous blog post I told you to use SSL/TLS to secure your MySQL network connections. So I followed my advice and did enable SSL. Great!
So first let's quickly verify that everything is working.
So you enabled SSL with mysql_ssl_rsa_setup, used a
OpenSSL based build or put ssl-cert,
ssl-key and ssl-ca in the mysqld
section of your /etc/my.cnf and now show global variables
like 'have_SSL'; returns 'YES'.
And you have configured the client with
--ssl-mode=PREFERRED. Now show global status
like 'Ssl_cipher'; indicates the session is indeed
secured.
You could also dump traffic and it looks 'encrypted' (i.e. not readable)...
With SSL enabled everything should be safe isn't it?
The handshake …
[Read more]