Planet MySQL

Displaying posts with tag: MySQL SSL (reset)

Sep

2018

Configuring and Managing SSL On Your MySQL Server

Posted by ScaleGrid.io on Tue 18 Sep 2018 15:31 UTC
Tags:

sql, Security, Developer, mysql server, howto, mysql client, MySQL, MySQL SSL, Managing MySQL, MySQL Configurations, Connecting to MySQL Server, Default SSL Configuration, Disabling SSL, Disabling SSL in MySQL, Encrypted Network Connection, Enforcing SSL, Enforcing SSL in MySQL, MySQL Data Directory, MySQL Default, MySQL Hosting, MySQL Replication Setup, mysqld error log, Server Certificates, SSL Considerations for Replication Channels

In this blog post, we review some of the important aspects of configuring and managing SSL in MySQL hosting. These would include the default configuration, disabling SSL, and enabling and enforcing SSL on a MySQL server. Our observations are based on the community version of MySQL 5.7.21.

Default SSL Configuration in MySQL

By default, MySQL server always installs and enables SSL configuration. However, it is not enforced that clients connect using SSL. Clients can choose to connect with or without SSL as the server allows both types of connections. Let’s see how to verify this default behavior of MySQL server.

When SSL is installed and enabled on MySQL server by default, we will typically see the following:

Presence of *.pem files in the MySQL data directory. These are the various client and server certificates and keys that are in …

[Read more]

Jun

2017

SSL Connections in MySQL 5.7

Posted by MySQL Performance Blog on Tue 27 Jun 2017 21:16 UTC
Tags:

Security, connections, SSL, encryption, MySQL, MySQL SSL, 5.7

This blog post looks at SSL connections and how they work in MySQL 5.7.

Recently I was working on an SSL implementation with MySQL 5.7, and I made some interesting discoveries. I realized I could connect to the MySQL server without specifying the SSL keys on the client side, and the connection is still secured by SSL. I was confused and I did not understand what was happening.

In this blog post, I am going to show you why SSL works in MySQL 5.7, and it worked previously in MySQL 5.6.

Let’s start with an introduction of how SSL worked in 5.6.

SSL in MySQL 5.6

The documentation for SSL in MySQL 5.6 is quite detailed, and it explains how SSL works. But first let’s make one thing …

[Read more]

Jan

2012

Setting up MySQL SSL on Multiple Machines

Posted by Chris Calender on Thu 26 Jan 2012 00:05 UTC
Tags:

openssl, SSL, MySQL, MySQL SSL, how to set up ssl for mysql, how to setup ssl for multiple servers, openssl -batch, setup ssl for multiple mysql instances

Managing SSL certificates for MySQL can be somewhat of a pain, especially when setting it up on multiple machines.

I looked around on the web, and didn’t really run into any mentions of how to do this for multiple machines, so I dug into it a bit more.

If you’ve created the certificates before, you’ll know you get prompted for various bits of information during a couple of the steps (country, state, email).

However, this can be by-passed by using the -batch option with the openssl command.

So, to set this up for multiple servers, just loop through the following 5 commands for your servers:

cd C:\mysql\certs
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -batch -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 3600 -batch -nodes -keyout server-key.pem >
        server-req.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem
        -CAkey …

[Read more]

Nov

2011

Setting Up SSL For MySQL

Posted by Chris Calender on Sat 19 Nov 2011 04:47 UTC
Tags:

status, openssl, MySQL, ca-cert.pem, client-cert.pem, client-key.pem, MySQL SSL, REQUIRE SSL, server-cert.pem, server-key.pem, ca-key.pem, client-req.pem, have_openssl, have_ssl, mysql ssl linux, mysql ssl windows, REQUIRE, REQUIRE CIPHER, REQUIRE ISSUER, REQUIRE SUBJECT, REQUIRE X509, server-req.pem, ssl mysql, ssluser@localhost, ssl_ca, ssl_capath, ssl_cert, ssl_cipher, ssl_key

I often get asked how to set up and use SSL with MySQL, especially on Windows – I think largely because the manual step-by-step is more geared towards Linux users (though this “how-to” is valid for all – anyone can copy/paste the commands after changing the paths).

So I’ve compiled a concise, yet comprehensive, how-to that I wanted to share with everyone out there who wants to set this up quickly and efficiently.

And for those who haven’t done it, setting up SSL can often seem intimidating, so I want to dispell that myth while I’m at it, and show you how quick and easy it can be to set up SSL for MySQL.

For one, I should mention that I’m using a version where SSL is ‘available’, just ‘DISABLED’ (some versions can be compiled w/out ssl support – so those would not work):

mysql> show global …

[Read more]

Oct

2011

MySQL SSL Users: BEWARE This Bug

Posted by Chris Calender on Tue 18 Oct 2011 19:55 UTC
Tags:

bug, SSL, skysql, cipher, MySQL, ca-cert.pem, Cipher in use, client-cert.pem, client-key.pem, mysql security bug, MySQL SSL, mysql ssl on windows, REQUIRE SSL, security bug, server-cert.pem, server-key.pem, ssl-ca, ssl-cert, ssl-key

If you’re using MySQL and SSL, you might want to glance over this article and give your setup a quick test.

I’ve uncovered an alarming bug in 5.5 where one could gain access to your MySQL instance just knowing the username and password (not having any SSL certificate, key, etc.)!

Of course, I’ve filed a bug about it here:

http://bugs.mysql.com/bug.php?id=62743

It’s been over 4 days now, and not one comment from the MySQL Bug/Dev Team.

So once again, I feel the need to share this bug with the public, in case you are using SSL with 5.5, and think your connections are secure, or that only users with the certs/key could gain access.

For SSL Users, you’ll already have this set up, but for those who don’t, I’ve simply got mysqld (5.5.15 and 5.5.16 thus far) running with the following options:

ssl-ca      = …

[Read more]

Top Authors

Oracle MySQL Blogs

Vendor Blogs

MySQL Links